ref: a1bb9c707faf6b70a5b42959909772228bbfd901
parent: eaeb0b7788c801baacdaa976a77abc715d00780d
author: Jean-Marc Valin <[email protected]>
date: Mon Apr 28 13:30:26 EDT 2008
Error detection in uint decoding (can no longer return an int that's out of range.
--- a/libcelt/entdec.c
+++ b/libcelt/entdec.c
@@ -4,9 +4,9 @@
#include <stddef.h>
#include "entdec.h"
+#include "os_support.h"
-
void ec_byte_readinit(ec_byte_buffer *_b,unsigned char *_buf,long _bytes){_b->buf=_b->ptr=_buf;
_b->storage=_bytes;
@@ -124,7 +124,13 @@
s=ec_decode(_this,ft);
ec_dec_update(_this,s,s+1,ft);
t=t<<EC_UNIT_BITS|s;
- return t<<ftb|ec_dec_bits(_this,ftb);
+ t = t<<ftb|ec_dec_bits(_this,ftb);
+ if (t>_ft)
+ {+ celt_notify("uint decode error");+ t = _ft;
+ }
+ return t;
} else {_ft++;
s=ec_decode(_this,(unsigned)_ft);
@@ -148,7 +154,13 @@
s=ec_decode(_this,ft);
ec_dec_update(_this,s,s+1,ft);
t=t<<EC_UNIT_BITS|s;
- return t<<ftb|ec_dec_bits64(_this,ftb);
+ t = t<<ftb|ec_dec_bits64(_this,ftb);
+ if (t>_ft)
+ {+ celt_notify("uint decode error");+ t = _ft;
+ }
+ return t;
} else {_ft++;
s=ec_decode(_this,(unsigned)_ft);