Update of /cvsroot/ffmpeg/ffmpeg/libavcodec
In directory mail:/var2/tmp/cvs-serv5017

Modified Files:
	vorbis.c 
Log Message:
Vorbis specs requires blocksize_1 >= blocksize_0, error if it's false.
Predict buffer size from blocksize_1 and number of channels and make 
sure this does not exceed AVCODEC_MAX_AUDIO_FRAME_SIZE

Patch by Uoti Urpala >>> uoti |.| urpala |@| pp1 |.| inet |.| fi <<<


Index: vorbis.c
===================================================================
RCS file: /cvsroot/ffmpeg/ffmpeg/libavcodec/vorbis.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- vorbis.c	25 Feb 2006 22:41:06 -0000	1.19
+++ vorbis.c	23 Apr 2006 21:11:31 -0000	1.20
@@ -872,10 +872,17 @@
     bl1=get_bits(gb, 4);
     vc->blocksize_0=(1<<bl0);
     vc->blocksize_1=(1<<bl1);
-    if (bl0>13 || bl0<6 || bl1>13 || bl1<6) {
+    if (bl0>13 || bl0<6 || bl1>13 || bl1<6 || bl1<bl0) {
         av_log(vc->avccontext, AV_LOG_ERROR, " Vorbis id header packet corrupt (illegal blocksize). \n");
         return 3;
     }
+    // output format int16
+    if (vc->blocksize_1/2 * vc->audio_channels * 2 >
+                                             AVCODEC_MAX_AUDIO_FRAME_SIZE) {
+        av_log(vc->avccontext, AV_LOG_ERROR, "Vorbis channel count makes "
+               "output packets too large.\n");
+        return 4;
+    }
     vc->swin=vwin[bl0-6];
     vc->lwin=vwin[bl1-6];