shithub: opus-tools


ref: 7fd590e2a81b9545678fecd1448e1cabee6351e6
parent: fe7df6281cbd2142871607dd163bc4b7537bafb7
author: Gregory Maxwell <greg@xiph.org>
date: Thu Nov 17 08:31:19 EST 2011

Fix oggdec stack corruption with large frames.

Thanks to Justin Ruggles <justin.ruggles@gmail.com> for the report.

--- a/src/Makefile
+++ b/src/Makefile
@@ -1,5 +1,5 @@
 CC=gcc
-CFLAGS=-DHAVE_SYS_SOUNDCARD_H -O2 -g -c -Wall -DHAVE_GETOPT_H -DEXPORT= -DRANDOM_PREFIX=opustools -DOUTSIDE_SPEEX -DFLOATING_POINT
+CFLAGS=-DHAVE_SYS_SOUNDCARD_H -O2 -g -fstack-protector-all -c -Wall -DHAVE_GETOPT_H -DEXPORT= -DRANDOM_PREFIX=opustools -DOUTSIDE_SPEEX -DFLOATING_POINT
 INCLUDES=-I../../opus/include
 
 all: opusenc opusdec
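Review bot: `-fstack-protector-all` is added to CFLAGS only, and CFLAGS carries `-c`, so the link rules (not visible in this hunk) presumably never see it. On toolchains that ship the canary runtime as a separate libssp, the link step needs the flag as well, so I would also pass it on the link command or through an LDFLAGS variable. The flag is detection rather than a fix: it aborts at function return, after the overwrite has already happened, so it is a backstop for the buffer resizing in src/opusdec.c. A short comment such as `# hardening: abort on stack smash; not a substitute for bounds checks` would keep it from being dropped later as a debugging leftover.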
--- a/src/opusdec.c
+++ b/src/opusdec.c
@@ -88,7 +88,8 @@
 #define MAXI(_a,_b)      ((_a)>(_b)?(_a):(_b))
 #define CLAMPI(_a,_b,_c) (MAXI(_a,MINI(_b,_c)))
 
-#define MAX_FRAME_SIZE (2*960*3)
+/* 120ms at 48000 */
+#define MAX_FRAME_SIZE (960*6)
 
 #define readint(buf, base) (((buf[base+3]<<24)&0xff000000)| \
                            ((buf[base+2]<<16)&0xff0000)| \
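Review bot: The new comment `/* 120ms at 48000 */` does not say what unit MAX_FRAME_SIZE counts, and the arrays later in this commit are sized `MAX_FRAME_SIZE*2`, which only makes sense if the unit is samples per channel. I would spell that out, e.g. `/* Largest Opus frame: 120 ms at 48 kHz = 5760 samples per channel */`, so the next person sizing a buffer does not forget the channel factor. Note that `(960*6)` equals the old `(2*960*3)`, so the value is unchanged and the actual fix is in the array declarations further down.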
@@ -444,8 +445,8 @@
 {
    int i,tmp_skip;
    unsigned out_len;
-   short out[2048];
-   float buf[2048];
+   short out[MAX_FRAME_SIZE*2];
+   float buf[MAX_FRAME_SIZE*2];
    float *output;
 
    do {
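Review bot: The new sizes `out[MAX_FRAME_SIZE*2]` and `buf[MAX_FRAME_SIZE*2]` hard-code a two-channel maximum, and nothing visible in this hunk checks the sample or channel count against that bound before the loop fills them. The same applies to `float output[MAX_FRAME_SIZE*2]` in the last hunk, where the decoder is an `OpusMSDecoder`; a stream header declaring more than two channels would presumably write past the array again unless the channel count is rejected elsewhere. I would add an explicit guard where the header is parsed and before each write, e.g. `if (channels < 1 || channels > MAX_CHANNELS || frame_size > MAX_FRAME_SIZE) return -1;` (variable names assumed), and name the factor with `#define MAX_CHANNELS 2` instead of repeating the literal. Both function bodies start and continue outside their hunks, so existing checks could not be confirmed from here.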
@@ -492,7 +493,7 @@
    int option_index = 0;
    char *inFile, *outFile;
    FILE *fin, *fout=NULL;
-   float output[MAX_FRAME_SIZE];
+   float output[MAX_FRAME_SIZE*2];
    int frame_size=0;
    OpusMSDecoder *st=NULL;
    int packet_count=0;