Merge branch 'security-aosp-qt-release' into int/10/fp2
* security-aosp-qt-release:
handle cases where order isn't a multiple of dimension
Change-Id: I510d8c9de2128978877335ab4999166b3f23e698
diff --git a/Tremolo/codebook.c b/Tremolo/codebook.c
index 8948cf3..d62aefa 100644
--- a/Tremolo/codebook.c
+++ b/Tremolo/codebook.c
@@ -847,6 +847,7 @@
#endif
/* returns 0 on OK or -1 on eof *************************************/
+/* decode vector / dim granularity gaurding is done in the upper layer */
long vorbis_book_decodevs_add(codebook *book,ogg_int32_t *a,
oggpack_buffer *b,int n,int point){
if(book->used_entries>0){
@@ -864,6 +865,7 @@
return 0;
}
+/* decode vector / dim granularity gaurding is done in the upper layer */
long vorbis_book_decodev_add(codebook *book,ogg_int32_t *a,
oggpack_buffer *b,int n,int point){
if(book->used_entries>0){
@@ -880,6 +882,9 @@
return 0;
}
+/* unlike the others, we guard against n not being an integer number
+ of <dim> internally rather than in the upper layer (called only by
+ floor0) */
long vorbis_book_decodev_set(codebook *book,ogg_int32_t *a,
oggpack_buffer *b,int n,int point){
if(book->used_entries>0){
diff --git a/Tremolo/floor0.c b/Tremolo/floor0.c
index b6ece29..812c720 100644
--- a/Tremolo/floor0.c
+++ b/Tremolo/floor0.c
@@ -419,10 +419,9 @@
}
ogg_int32_t last=0;
- for(j=0;j<info->order;j+=b->dim)
- if(vorbis_book_decodev_set(b,lsp+j,&vd->opb,b->dim,-24)==-1)goto eop;
+ if(vorbis_book_decodev_set(b,lsp,&vd->opb,info->order,-24)==-1)goto eop;
for(j=0;j<info->order;){
- for(k=0;k<b->dim;k++,j++)lsp[j]+=last;
+ for(k=0;k<b->dim && j<info->order;k++,j++)lsp[j]+=last;
last=lsp[j-1];
}