[vorbis-tools] 01/01: Fix oggdec crash/hang: Don't ignore stream errors
Martin Steghöfer
martin.steghoefer-guest at moszumanska.debian.org
Sun Jan 25 20:36:50 UTC 2015
This is an automated email from the git hooks/post-receive script.
martin.steghoefer-guest pushed a commit to branch master
in repository vorbis-tools.
commit 5d3a99670c85458c12fc87d29db4bc8ff01b65bc
Author: Martin Steghöfer <martin at steghoefer.eu>
Date: Fri Dec 12 18:25:44 2014 +0100
Fix oggdec crash/hang: Don't ignore stream errors
Closes: #772978
---
...dec-crash-hang-Don-t-ignore-stream-errors.patch | 52 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 53 insertions(+)
diff --git a/debian/patches/0013-Fix-oggdec-crash-hang-Don-t-ignore-stream-errors.patch b/debian/patches/0013-Fix-oggdec-crash-hang-Don-t-ignore-stream-errors.patch
new file mode 100644
index 0000000..2d29a75
--- /dev/null
+++ b/debian/patches/0013-Fix-oggdec-crash-hang-Don-t-ignore-stream-errors.patch
@@ -0,0 +1,52 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <martin at steghoefer.eu>
+Date: Fri, 12 Dec 2014 18:21:08 +0100
+Subject: Fix oggdec crash/hang: Don't ignore stream errors
+
+oggdec treats all negative return values coming from ov_read
+as OV_HOLE errors and therefore as recoverable. So even in the
+case of fatal errors it keeps on calling ov_read, which may
+either crash (libvorbis' data structures may be uninitialized)
+or simply not progress and therefore trap oggdec in an
+infinite loop.
+
+Fix this by distinguishing between recoverable and
+non-recoverable errors. In the case of fatal errors, exit
+gracefully with an error message. The error string is
+"borrowed" from ogg123 and therefore already translated into
+several languages.
+
+Bug-Debian: https://bugs.debian.org/772978
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/vorbis-tools/+bug/629135
+Forwarded: https://trac.xiph.org/ticket/2148
+---
+ oggdec/oggdec.c | 15 +++++++++++----
+ 1 file changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/oggdec/oggdec.c b/oggdec/oggdec.c
+index a99f95d..16f87ac 100644
+--- a/oggdec/oggdec.c
++++ b/oggdec/oggdec.c
+@@ -310,12 +310,19 @@ static int decode_file(FILE *in, FILE *out, char *infile, char *outfile)
+ }
+ }
+
+- if(ret < 0 ) {
+- if( !quiet ) {
+- fprintf(stderr, _("WARNING: hole in data (%d)\n"), ret);
+- }
++ if(ret == OV_HOLE) {
++ if(!quiet) {
++ fprintf(stderr, _("WARNING: hole in data (%d)\n"), ret);
++ }
+ continue;
+ }
++ else if(ret < 0) {
++ if(!quiet) {
++ fprintf(stderr, _("=== Vorbis library reported a stream error.\n"));
++ }
++ ov_clear(&vf);
++ return 1;
++ }
+
+ if(channels > 2 && !raw) {
+ /* Then permute! */
diff --git a/debian/patches/series b/debian/patches/series
index b31bf12..ee6b34a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@
0010-Truncate-long-status-lines-on-small-terminals.patch
0011-Fix-ogg123-speex-stereo-Initialize-stereo-info-data-.patch
0012-Fix-ogg123-speex-playback-Initialize-channel-matrix.patch
+0013-Fix-oggdec-crash-hang-Don-t-ignore-stream-errors.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/vorbis-tools.git
More information about the pkg-xiph-commits
mailing list