Merge branch 'security-aosp-qt-release' into int/10/fp2 * security-aosp-qt-release: handle cases where order isn't a multiple of dimension Change-Id: I510d8c9de2128978877335ab4999166b3f23e698

commit: 90e8508fc427ac2a3034c2a057dc4ae4065a1a83 [log] [tgz]
author: Maarten Derks <maarten@fairphone.com> Mon Dec 13 15:30:44 2021 +0100
committer: Maarten Derks <maarten@fairphone.com> Mon Dec 13 15:30:44 2021 +0100
tree: f66afccebdfd5a84e70c7672476febf01247453e
parent: eb0f31caf925c33d34e61d8566dcb515de3affa7 [diff]
parent: 1b4986351d77a74442f25ae7a19768d13a31a913 [diff]
diff --git a/Tremolo/treminfo.c b/Tremolo/treminfo.c
index 4f72728..09cb874 100644
--- a/Tremolo/treminfo.c
+++ b/Tremolo/treminfo.c

@@ -233,6 +233,7 @@
   for(i=0;i<vc->comments;i++){
     int len=oggpack_read(opb,32);
     if(len<0)goto err_out;
+    if(len>1000000)goto err_out; /* disallow fields larger than 10 MB */
 	vc->comment_lengths[i]=len;
     vc->user_comments[i]=(char *)_ogg_calloc(len+1,1);
     if(!vc->user_comments[i])goto err_out;
commit	90e8508fc427ac2a3034c2a057dc4ae4065a1a83	[log] [tgz]
author	Maarten Derks <maarten@fairphone.com>	Mon Dec 13 15:30:44 2021 +0100
committer	Maarten Derks <maarten@fairphone.com>	Mon Dec 13 15:30:44 2021 +0100
tree	f66afccebdfd5a84e70c7672476febf01247453e
parent	eb0f31caf925c33d34e61d8566dcb515de3affa7 [diff]
parent	1b4986351d77a74442f25ae7a19768d13a31a913 [diff]