[libvorbis] 01/01: Fix crash on corrupt input file (invalid mode index).

Martin Steghöfer martin.steghoefer-guest at moszumanska.debian.org
Sun Jan 4 22:21:32 UTC 2015


This is an automated email from the git hooks/post-receive script.

martin.steghoefer-guest pushed a commit to branch master
in repository libvorbis.

commit 4e82bc545ffbbe3a198b5b92457dd42fef24dabd
Author: Martin Steghöfer <martin at steghoefer.eu>
Date:   Sun Jan 4 17:44:26 2015 +0100

    Fix crash on corrupt input file (invalid mode index).
    
    Closes: #774516
---
 ...-on-corrupt-input-file-invalid-mode-index.patch | 28 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 2 files changed, 29 insertions(+)

diff --git a/debian/patches/0005-Fix-crash-on-corrupt-input-file-invalid-mode-index.patch b/debian/patches/0005-Fix-crash-on-corrupt-input-file-invalid-mode-index.patch
new file mode 100644
index 0000000..341122d
--- /dev/null
+++ b/debian/patches/0005-Fix-crash-on-corrupt-input-file-invalid-mode-index.patch
@@ -0,0 +1,28 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <martin at steghoefer.eu>
+Date: Sun, 4 Jan 2015 17:44:09 +0100
+Subject: Fix crash on corrupt input file (invalid mode index)
+
+Bug-Debian: https://bugs.debian.org/774516
+Forwarded: https://trac.xiph.org/ticket/2140#comment:1
+
+The library crashes with a NULL pointer dereference, if the "mode"
+value read from the ogg file is invalid (referring to a mode whose
+parameters haven't been set). Check this immediately after reading
+the value and before accessing the mode parameters.
+---
+ lib/synthesis.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/synthesis.c b/lib/synthesis.c
+index 1af211d..1177818 100644
+--- a/lib/synthesis.c
++++ b/lib/synthesis.c
+@@ -164,7 +164,7 @@ long vorbis_packet_blocksize(vorbis_info *vi,ogg_packet *op){
+     /* read our mode and pre/post windowsize */
+     mode=oggpack_read(&opb,modebits);
+   }
+-  if(mode==-1)return(OV_EBADPACKET);
++  if(mode==-1 || !ci->mode_param[mode])return(OV_EBADPACKET);
+   return(ci->blocksizes[ci->mode_param[mode]->blockflag]);
+ }
+ 
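Review bot: the added test !ci->mode_param[mode] in vorbis_packet_blocksize() itself indexes mode_param with the value just read from the packet, and the only range check visible before it is mode==-1. The NULL test is sufficient only if every value that modebits can produce falls inside the array and unset slots are guaranteed to be NULL. Please either state that invariant in the patch description or add an explicit upper-bound comparison ahead of the array access. Since the change touches only this one function, the description should also say whether other places that read the mode from a packet were checked for the same problem.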
diff --git a/debian/patches/series b/debian/patches/series
index 48be911..05d7c0e 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -2,3 +2,4 @@
 0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch
 0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch
 0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
+0005-Fix-crash-on-corrupt-input-file-invalid-mode-index.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/libvorbis.git


