From 0bd8b61bfe37369792a5d33885640146cab2c1e1 Mon Sep 17 00:00:00 2001
From: xiphmont
Date: Thu, 25 Jun 2009 03:39:41 +0000
Subject: [PATCH 1/2] First half of fix for Mozilla BZ #500254

Residue code was not checking that its partition books were books with specified/populated value mappings. Fuzzer twiddled the book table suck that a valid codebook was being swapped out for a codebook with no value mapping.

git-svn-id: http://svn.xiph.org/trunk/vorbis@16181 0101bb08-14d6-0310-b084-bc0e0c8e3800
---
 lib/res0.c | 4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/lib/res0.c b/lib/res0.c
index b4a7469..48caa27 100644
--- a/lib/res0.c
+++ b/lib/res0.c
@@ -220,8 +220,10 @@ vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
 info->booklist[j]=oggpack_read(opb,8);
 if(info->groupbook>=ci->books)goto errout;
- for(j=0;jbooklist[j]>=ci->books)goto errout;
+ if(info->booklist[j]>=ci->books)goto errout;
+ if(ci->book_param[info->booklist[j]]->maptype==0)goto errout;
+ }
 /* verify the phrasebook is not specifying an impossible or inconsistent partitioning scheme. */
--
1.6.3.3
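Review bot: The new `ci->book_param[info->booklist[j]]` index on the added maptype line is guarded only by `>=ci->books`, so a negative `booklist[j]` still reaches it; the context line `info->booklist[j]=oggpack_read(opb,8);` shows no sign check, and libogg's oggpack_read returns -1 once the packet is exhausted, which would turn a truncated setup header into an out-of-bounds read of `book_param` unless a negative-value check exists somewhere outside this hunk. I would tighten both guards to `if(info->groupbook<0 || info->groupbook>=ci->books)goto errout;` and `if(info->booklist[j]<0 || info->booklist[j]>=ci->books)goto errout;` so that a premature end of packet is rejected before any table lookup. The loop header line is garbled in this rendering, and res0_unpack begins before the hunk (only its signature appears as `@@` context) and continues after it, so I am reading the loop from the indexing it performs rather than its bound. Whether a `book_param` entry can be NULL at this point depends on the codebook unpacking that precedes residue setup, which is not visible here and is worth confirming given the commit calls itself only the first half of the fix.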