Commit 4b2abd18 authored by Monty's avatar Monty
Browse files

Handle the case of single-entry codebooks; this had been broken accidentally...

Handle the case of single-entry codebooks; this had been broken accidentally in earlier security fixes.  Resolves GNOME 582942, thanks for the additional file to add to regression testing.


svn path=/trunk/vorbis/; revision=16073
parent e85fb58c
......@@ -266,7 +266,10 @@ eliminated, it's clear that the tree is unfinished:
Similarly, in the original codebook, it's clear that the tree is fully
populated and a ninth codeword is impossible. Both underspecified and
overspecified trees are an error condition rendering the stream
undecodable.
undecodable. Take special care that a codebook with a single used
entry is handled properly; it consists of a single codework of zero
bits and 'reading' a value out of such a codebook always returns the
single used value and sinks zero bits.
Codebook entries marked 'unused' are simply skipped in the assigning
process. They have no codeword and do not appear in the decision
......
/* start css.sty */
.cmex-10{font-size:90%;}
.cmsy-10{font-size:90%;}
.cmr-10x-x-109{}
.cmssbx-10x-x-109{ font-family: sans-serif; font-weight: bold;}
.cmssbx-10x-x-109{ font-family: sans-serif; font-weight: bold;}
.cmssbx-10x-x-207{font-size:188%; font-family: sans-serif; font-weight: bold;}
.cmssbx-10x-x-207{ font-family: sans-serif; font-weight: bold;}
.cmr-12x-x-120{font-size:130%;}
.cmtt-10x-x-109{font-family: monospace;}
.cmtt-10x-x-109{font-family: monospace;}
.cmtt-10x-x-109{font-family: monospace;}
.cmtt-10x-x-109{font-family: monospace;}
.cmbx-10x-x-109{ font-weight: bold;}
.cmti-10x-x-109{ font-style: italic;}
.cmr-8{font-size:72%;}
.cmr-6{font-size:54%;}
.cmmi-10x-x-109{font-style: italic;}
.cmmi-8{font-size:72%;font-style: italic;}
.cmsy-10x-x-109{}
.cmsy-6{font-size:54%;}
.cmtt-10{font-size:90%;font-family: monospace;}
.cmtt-10{font-family: monospace;}
.cmtt-10{font-family: monospace;}
.cmtt-10{font-family: monospace;}
.cmtt-8{font-size:72%;font-family: monospace;}
.cmex-10{font-size:83%;}
.cmssbx-10x-x-120{ font-family: sans-serif; font-weight: bold;}
.cmssbx-10x-x-120{ font-family: sans-serif; font-weight: bold;}
.cmssbx-10x-x-248{font-size:206%; font-family: sans-serif; font-weight: bold;}
.cmssbx-10x-x-248{ font-family: sans-serif; font-weight: bold;}
.cmr-17{font-size:141%;}
.cmmi-12{font-style: italic;}
.cmtt-12{font-family: monospace;}
.cmtt-12{font-family: monospace;}
.cmtt-12{font-family: monospace;}
.cmbx-12{ font-weight: bold;}
.cmti-12{ font-style: italic;}
.cmr-8{font-size:66%;}
.cmr-6{font-size:50%;}
.cmmi-8{font-size:66%;font-style: italic;}
.cmsy-8{font-size:66%;}
.cmsy-6{font-size:50%;}
.cmtt-8{font-size:66%;font-family: monospace;}
.cmtt-8{font-family: monospace;}
.cmtt-8{font-family: monospace;}
.cmtt-8{font-family: monospace;}
.cmtt-8x-x-75{font-size:54%;font-family: monospace;}
.cmtt-8x-x-75{font-family: monospace;}
.cmtt-8x-x-75{font-size:50%;font-family: monospace;}
.cmtt-8x-x-75{font-family: monospace;}
.cmtt-8x-x-75{font-family: monospace;}
p.noindent { text-indent: 0em }
......@@ -135,7 +126,6 @@ div.author{white-space: nowrap;}
div.abstract {width:100%;}
span.footnote-mark sup.textsuperscript, span.footnote-mark a sup.textsuperscript{ font-size:80%; }
.figure img.graphics {margin-left:10%;}
div.verbatiminput {font-family: monospace; white-space: nowrap; }
P.fancyvrb {white-space: nowrap; margin:0em;}
/* end css.sty */
This diff is collapsed.
This diff is collapsed.
......@@ -125,12 +125,18 @@ ogg_uint32_t *_make_words(long *l,long n,long sparsecount){
if(sparsecount==0)count++;
}
/* sanity check the huffman tree; an underpopulated tree must be rejected. */
for(i=1;i<33;i++)
if(marker[i] & (0xffffffffUL>>(32-i))){
_ogg_free(r);
return(NULL);
}
/* sanity check the huffman tree; an underpopulated tree must be
rejected. The only exception is the one-node pseudo-nil tree,
which appears to be underpopulated because the tree doesn't
really exist; there's only one possible 'codeword' or zero bits,
but the above tree-gen code doesn't mark that. */
if(sparsecount != 1){
for(i=1;i<33;i++)
if(marker[i] & (0xffffffffUL>>(32-i))){
_ogg_free(r);
return(NULL);
}
}
/* bitreverse the words because our bitwise packer/unpacker is LSb
endian */
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment