Fix for bug #1456-- the 'bulletproofing' from CVE-2008-1420 inadvertantly

rejects a harmless/legal (if suboptimal) codebook arrangement that was apparently used in 1.0b1. svn path=/trunk/vorbis/; revision=15532

Fix for bug #1456-- the 'bulletproofing' from CVE-2008-1420 inadvertantly
rejects a harmless/legal (if suboptimal) codebook arrangement that was apparently used in 1.0b1. svn path=/trunk/vorbis/; revision=15532
9635ef1a · Monty · d3cd0c4a · 9635ef1a · 9635ef1a
Commit 9635ef1a authored Nov 25, 2008 by Monty
--- a/doc/xml/08-residue.xml
+++ b/doc/xml/08-residue.xml
@@ -220,7 +220,7 @@ codeword.  Note that the number of entries and dimensions in book
 <varname>[residue_classifications]</varname>, overdetermines to
 possible number of classification codewords.  If
 <varname>[residue_classifications]</varname>^<varname>[residue_classbook]</varname>.dimensions
-does not equal <varname>[residue_classbook]</varname>.entries, the
+exceeds <varname>[residue_classbook]</varname>.entries, the
 bitstream should be regarded to be undecodable. </para>

 <para>

--- a/lib/res0.c
+++ b/lib/res0.c
@@ -234,7 +234,6 @@ vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
      if(partvals > entries) goto errout;
      dim--;
    }
-    if(partvals != entries) goto errout;
  }

  return(info);