[libvorbis] 01/01: Add sampling rate sanity check to avoid invalid memory access.

Martin Steghöfer martin.steghoefer-guest at moszumanska.debian.org
Mon Oct 27 21:21:54 UTC 2014


This is an automated email from the git hooks/post-receive script.

martin.steghoefer-guest pushed a commit to branch master
in repository libvorbis.

commit 4e240ce1406657b53420fe0d96f9b75652c7e0ec
Author: Martin Steghöfer <martin at steghoefer.eu>
Date:   Mon Oct 27 22:16:28 2014 +0100

    Add sampling rate sanity check to avoid invalid memory access.
    
    Closes: #716613
---
 ...g-rate-sanity-check-to-avoid-invalid-memo.patch | 38 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 39 insertions(+)

diff --git a/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch b/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
new file mode 100644
index 0000000..8c1598a
--- /dev/null
+++ b/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
@@ -0,0 +1,38 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <martin at steghoefer.eu>
+Date: Mon, 27 Oct 2014 22:06:15 +0100
+Subject: Add sampling rate sanity check to avoid invalid memory access.
+
+Bug-Debian: https://bugs.debian.org/716613
+
+Input files with sampling rate 0 are useless and can make
+libvorbis access invalid memory because the logic in
+_vp_psy_init (and probably other functions) isn't prepared for
+it. A sanity check lets the library refuse those inputs
+gracefully in the initialization functions before they can
+do harm.
+---
+ lib/vorbisenc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index f0f7c08..afd1bff 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -903,6 +903,8 @@ int vorbis_encode_setup_vbr(vorbis_info *vi,
+                             long  channels,
+                             long  rate,
+                             float quality){
++  if(rate <= 0) return OV_EINVAL;
++
+   codec_setup_info *ci=vi->codec_setup;
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+@@ -948,6 +950,8 @@ int vorbis_encode_setup_managed(vorbis_info *vi,
+                                 long nominal_bitrate,
+                                 long min_bitrate){
+ 
++  if(rate <= 0) return OV_EINVAL;
++
+   codec_setup_info *ci=vi->codec_setup;
+   highlevel_encode_setup *hi=&ci->hi;
+   double tnominal=nominal_bitrate;
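Review bot: in both lib/vorbisenc.c hunks the new `if(rate <= 0) return OV_EINVAL;` is placed above the `codec_setup_info *ci=vi->codec_setup;` and `highlevel_encode_setup *hi=&ci->hi;` declarations, so each function now has a statement ahead of its declarations, which strict C89 compilers reject and GCC's `-Wdeclaration-after-statement` flags. Declaring `ci` and `hi` without initialisers first, then doing the rate check, then assigning them keeps the early return ahead of the `vi->codec_setup` dereference and avoids the mixed ordering. Separately, the description names `_vp_psy_init` "and probably other functions" as the code that is not prepared for a zero rate, while the guard is added only to `vorbis_encode_setup_vbr` and `vorbis_encode_setup_managed`. The patch header should say whether every path that reaches `_vp_psy_init` passes through one of these two, and it could carry a Forwarded field next to Bug-Debian so the upstream status of the check is recorded.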
diff --git a/debian/patches/series b/debian/patches/series
index c3937eb..48be911 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
 0001-Fix-build-failure-with-DSO-link-changes.patch
 0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch
 0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch
+0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/libvorbis.git


