From f286e93fef4a74c5efbb024d7634d4fa6a9eb127 Mon Sep 17 00:00:00 2001
From: stmSi
Date: Fri, 13 Jan 2023 13:39:03 +0630
Subject: Fix OGG page_data out of bound crash
---
 modules/ogg/ogg_packet_sequence.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/modules/ogg/ogg_packet_sequence.cpp b/modules/ogg/ogg_packet_sequence.cpp
index 0acaaf5fc9..d473f3b4a0 100644
--- a/modules/ogg/ogg_packet_sequence.cpp
+++ b/modules/ogg/ogg_packet_sequence.cpp
@@ -136,6 +136,8 @@ bool OggPacketSequencePlayback::next_ogg_packet(ogg_packet **p_packet) const {
 ERR_FAIL_COND_V(data_version != ogg_packet_sequence->data_version, false);
 ERR_FAIL_COND_V(ogg_packet_sequence->page_data.is_empty(), false);
 ERR_FAIL_COND_V(ogg_packet_sequence->page_granule_positions.is_empty(), false);
+ ERR_FAIL_COND_V(page_cursor >= ogg_packet_sequence->page_data.size(), false);
+
 // Move on to the next page if need be. This happens first to help simplify seek logic.
 while (packet_cursor >= ogg_packet_sequence->page_data[page_cursor].size()) {
 packet_cursor = 0;
--
cgit v1.2.3
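Review bot: The added `ERR_FAIL_COND_V(page_cursor >= ogg_packet_sequence->page_data.size(), false);` bounds `page_cursor` only once, on entry, while the `while` condition just below it indexes `page_data[page_cursor]` again on every iteration. The loop body continues outside this hunk, so it cannot be confirmed here, but if it advances `page_cursor` it needs its own bound check before the condition is re-evaluated, e.g. `if (page_cursor >= ogg_packet_sequence->page_data.size()) { return false; }`. If `page_cursor` is a signed type, the entry guard should also reject negative values (`page_cursor < 0 || ...`), since the page tables are built from parsed file data. A one-line comment on the new check stating which caller state can leave the cursor past the last page would keep the guard from being dropped in a later cleanup.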