$NetBSD: patch-CVE-2012-0444,v 1.1.2.2 2012/02/18 23:17:50 tron Exp $

changeset #18151

--- lib/floor1.c.orig	2010-10-23 04:31:21.000000000 +0000
+++ lib/floor1.c
@@ -167,6 +167,7 @@ static vorbis_info_floor *floor1_unpack 
 
   for(j=0,k=0;j<info->partitions;j++){
     count+=info->class_dim[info->partitionclass[j]];
+    if(count>VIF_POSIT) goto err_out;
     for(;k<count;k++){
       int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
       if(t<0 || t>=(1<<rangebits))
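Review bot: The new guard `if(count>VIF_POSIT) goto err_out;` is the only thing keeping the `info->postlist[k+2]` store in the following loop inside the array, but nothing in the code says so. I would add a comment directly above it, for example `/* postlist has room for VIF_POSIT+2 entries; count is summed from stream-supplied class dimensions, so reject anything larger before writing */`. The array size is assumed from upstream's declaration and should be confirmed against the header, since it is not visible in this hunk. The check is correctly placed after the `count+=` and before the inner loop, so each partition is validated before any of its entries are written. floor1_unpack starts and ends outside the hunk, so the cleanup done at `err_out` cannot be checked from here.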
