Bug#765324: libvorbis: Patch used in NMU 1.3.2-1.5

Petter Reinholdtsen pere at hungry.com
Tue Oct 14 07:36:59 UTC 2014


Package: libvorbis-dev
Version: 1.3.2-1.5
Tags: patch
Severity: wishlist

Hi.  This is the patch I used in the NMU I just uploaded to fix a few
crash bugs in libvorbis.

A new upstream version should be considered too, but I did not want to
make that many changes so soon before the freeze without maintainer
approval.  Is there anyone left in the Debian Xiph team?  No
maintainer upload of libvorbis since 2011 makes me wonder.

-- 
Happy hacking
Petter Reinholdtsen
-------------- next part --------------
diff -Nru libvorbis-1.3.2/debian/changelog libvorbis-1.3.2/debian/changelog
--- libvorbis-1.3.2/debian/changelog	2014-10-14 09:35:23.000000000 +0200
+++ libvorbis-1.3.2/debian/changelog	2014-10-14 09:32:54.000000000 +0200
@@ -1,3 +1,16 @@
+libvorbis (1.3.2-1.5) unstable; urgency=low
+
+  * Non-maintainer upload to fix crash and hang bug.
+  * Switch to debian source format 3.0 (quilt).
+  * Add Homepage link in debian/control.
+  * Avoid floating point exception when dividing by zero when
+    bytespersample is zero (Closes: #635906).  Patch from Daniel Exner.
+  * Fix hang with loading Ogg Theora files when seeking to PCM 0 by
+    backporting r19159 of upstream SVN, authored by Chris Montgomery
+    (Closes: #762571).  Patch from Martin Stegh?fer.
+
+ -- Petter Reinholdtsen <pere at debian.org>  Tue, 14 Oct 2014 09:32:30 +0200
+
 libvorbis (1.3.2-1.4) unstable; urgency=low
 
   * Non-maintainer upload.
diff -Nru libvorbis-1.3.2/debian/control libvorbis-1.3.2/debian/control
--- libvorbis-1.3.2/debian/control	2014-10-14 09:35:23.000000000 +0200
+++ libvorbis-1.3.2/debian/control	2014-10-14 08:58:58.000000000 +0200
@@ -6,6 +6,7 @@
 Build-Depends: debhelper (>= 9~), dh-autoreconf, libogg-dev
 Standards-Version: 3.9.1
 Vcs-Bzr: http://bzr.debian.org/bzr/pkg-xiph/libvorbis
+Homepage: http://www.xiph.org/vorbis/
 
 Package: libvorbis0a
 Architecture: any
diff -Nru libvorbis-1.3.2/debian/patches/floor-cve-2012-0444.patch libvorbis-1.3.2/debian/patches/floor-cve-2012-0444.patch
--- libvorbis-1.3.2/debian/patches/floor-cve-2012-0444.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.2/debian/patches/floor-cve-2012-0444.patch	2014-10-14 09:19:38.000000000 +0200
@@ -0,0 +1,17 @@
+Description: Fix cve-2012-0444: buffer overflow in floor1.c
+ Patch found in version 1.3.2-1.2.
+Author: Michael Gilbert <mgilbert at debian.org>
+Forwarded: no
+Reviewed-By: Petter Reinholdtsen <pere at hungry.com>
+Last-Update: 2014-10-14
+
+--- libvorbis-1.3.2.orig/lib/floor1.c
++++ libvorbis-1.3.2/lib/floor1.c
+@@ -167,6 +167,7 @@ static vorbis_info_floor *floor1_unpack
+ 
+   for(j=0,k=0;j<info->partitions;j++){
+     count+=info->class_dim[info->partitionclass[j]];
++    if(count>VIF_POSIT) goto err_out;
+     for(;k<count;k++){
+       int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
+       if(t<0 || t>=(1<<rangebits))
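Review bot: The added `if(count>VIF_POSIT) goto err_out;` has no comment saying which buffer it protects, and the write it guards is two lines further down at `info->postlist[k+2]`. A comment above the check would make it harder to lose in a later patch refresh, for example `/* postlist[] is written at k+2 below; reject headers whose summed class_dim would run past it */`. The declared size of postlist[] is not visible in this hunk, so the exact bound should be confirmed against the struct definition before it is written into the comment. The index `info->partitionclass[j]` into class_dim[] also comes from parsed header data; any range check on it would sit earlier in floor1_unpack, outside the hunk.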
diff -Nru libvorbis-1.3.2/debian/patches/hang.patch libvorbis-1.3.2/debian/patches/hang.patch
--- libvorbis-1.3.2/debian/patches/hang.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.2/debian/patches/hang.patch	2014-10-14 09:27:36.000000000 +0200
@@ -0,0 +1,212 @@
+Description: Fix hang when loading Ogg Theora files in audacity
+ Fix hang with loading Ogg Theora files when seeking to PCM 0 by
+ backporting r19159 of upstream SVN, authored by Chris Montgomery.
+Author: Martin Stegh?fer <martin at steghoefer.eu>
+Bug-Debian: http://bugs.debian.org/762571
+Reviewed-By: Petter Reinholdtsen <pere at debian.org>
+Last-Update: 2014-10-14
+
+--- libvorbis-1.3.2.orig/lib/vorbisfile.c
++++ libvorbis-1.3.2/lib/vorbisfile.c
+@@ -1417,22 +1417,28 @@ int ov_pcm_seek_page(OggVorbis_File *vf,
+     if(pos>=total)break;
+   }
+ 
+-  /* search within the logical bitstream for the page with the highest
+-     pcm_pos preceding (or equal to) pos.  There is a danger here;
+-     missing pages or incorrect frame number information in the
+-     bitstream could make our task impossible.  Account for that (it
+-     would be an error condition) */
++  /* Search within the logical bitstream for the page with the highest
++     pcm_pos preceding pos.  If we're looking for a position on the
++     first page, bisection will halt without finding our position as
++     it's before the first explicit granulepos fencepost. That case is
++     handled separately below.
++
++     There is a danger here; missing pages or incorrect frame number
++     information in the bitstream could make our task impossible.
++     Account for that (it would be an error condition) */
++
++  /* new search algorithm originally by HB (Nicholas Vinen) */
+ 
+-  /* new search algorithm by HB (Nicholas Vinen) */
+   {
+     ogg_int64_t end=vf->offsets[link+1];
+-    ogg_int64_t begin=vf->offsets[link];
++    ogg_int64_t begin=vf->dataoffsets[link];
+     ogg_int64_t begintime = vf->pcmlengths[link*2];
+     ogg_int64_t endtime = vf->pcmlengths[link*2+1]+begintime;
+     ogg_int64_t target=pos-total+begintime;
+-    ogg_int64_t best=begin;
++    ogg_int64_t best=-1;
+ 
+     ogg_page og;
++    /* bisection loop */
+     while(begin<end){
+       ogg_int64_t bisect;
+ 
+@@ -1447,51 +1453,82 @@ int ov_pcm_seek_page(OggVorbis_File *vf,
+           bisect=begin;
+       }
+ 
++      /* only seek if the file position isn't already there */
+       if(bisect!=vf->offset){
+         result=_seek_helper(vf,bisect);
+         if(result) goto seek_error;
+       }
+ 
++      /* read loop within the bisection loop */
+       while(begin<end){
+         result=_get_next_page(vf,&og,end-vf->offset);
+         if(result==OV_EREAD) goto seek_error;
+         if(result<0){
++          /* there is no next page! */
+           if(bisect<=begin+1)
+-            end=begin; /* found it */
++              /* No bisection left to perform.  We've either found the
++                 best candidate already or failed. Exit loop. */
++            end=begin;
+           else{
++            /* We tried to load a fraction of the last page; back up a
++               bit and try to get the whole last page */
+             if(bisect==0) goto seek_error;
+             bisect-=CHUNKSIZE;
++
++            /* don't repeat/loop on a read we've already performed */
+             if(bisect<=begin)bisect=begin+1;
++
++            /* seek and cntinue bisection */
+             result=_seek_helper(vf,bisect);
+             if(result) goto seek_error;
+           }
+         }else{
+           ogg_int64_t granulepos;
+ 
++          /* got a page. analyze it */
++          /* only consider pages from primary vorbis stream */
+           if(ogg_page_serialno(&og)!=vf->serialnos[link])
+             continue;
+ 
++          /* only consider pages with the granulepos set */
+           granulepos=ogg_page_granulepos(&og);
+           if(granulepos==-1)continue;
+ 
+           if(granulepos<target){
++            /* this page is a successful candidate! Set state */
++
+             best=result;  /* raw offset of packet with granulepos */
+             begin=vf->offset; /* raw offset of next page */
+             begintime=granulepos;
+ 
++            /* if we're before our target but within a short distance,
++               don't bisect; read forward */
+             if(target-begintime>44100)break;
+-            bisect=begin; /* *not* begin + 1 */
++
++            bisect=begin; /* *not* begin + 1 as above */
+           }else{
+-            if(bisect<=begin+1)
+-              end=begin;  /* found it */
+-            else{
+-              if(end==vf->offset){ /* we're pretty close - we'd be stuck in */
++
++            /* This is one of our pages, but the granpos is
++               post-target; it is not a bisection return
++               candidate. (The only way we'd use it is if it's the
++               first page in the stream; we handle that case later
++               outside the bisection) */
++            if(bisect<=begin+1){
++              /* No bisection left to perform.  We've either found the
++                 best candidate already or failed. Exit loop. */
++              end=begin;
++            }else{
++              if(end==vf->offset){
++                /* bisection read to the end; use the known page
++                   boundary (result) to update bisection, back up a
++                   little bit, and try again */
+                 end=result;
+-                bisect-=CHUNKSIZE; /* an endless loop otherwise. */
++                bisect-=CHUNKSIZE;
+                 if(bisect<=begin)bisect=begin+1;
+                 result=_seek_helper(vf,bisect);
+                 if(result) goto seek_error;
+               }else{
++                /* Normal bisection */
+                 end=bisect;
+                 endtime=granulepos;
+                 break;
+@@ -1502,9 +1539,46 @@ int ov_pcm_seek_page(OggVorbis_File *vf,
+       }
+     }
+ 
+-    /* found our page. seek to it, update pcm offset. Easier case than
+-       raw_seek, don't keep packets preceding granulepos. */
+-    {
++    /* Out of bisection: did it 'fail?' */
++    if(best == -1){
++
++      /* Check the 'looking for data in first page' special case;
++         bisection would 'fail' because our search target was before the
++         first PCM granule position fencepost. */
++
++      if(begin == vf->dataoffsets[link] &&
++         ogg_page_serialno(&og)==vf->serialnos[link]){
++
++        /* Yes, this is the beginning-of-stream case. We already have
++           our page, right at the beginning of PCM data.  Set state
++           and return. */
++
++        vf->offset=result;
++        vf->pcm_offset=total;
++
++        if(link!=vf->current_link){
++          /* Different link; dump entire decode machine */
++          _decode_clear(vf);
++
++          vf->current_link=link;
++          vf->current_serialno=vf->serialnos[link];
++          vf->ready_state=STREAMSET;
++
++        }else{
++          vorbis_synthesis_restart(&vf->vd);
++        }
++
++        ogg_stream_reset_serialno(&vf->os,vf->current_serialno);
++        ogg_stream_pagein(&vf->os,&og);
++
++      }else
++        goto seek_error;
++
++    }else{
++
++      /* Bisection found our page. seek to it, update pcm offset. Easier case than
++         raw_seek, don't keep packets preceding granulepos. */
++
+       ogg_page og;
+       ogg_packet op;
+ 
+@@ -1534,15 +1608,19 @@ int ov_pcm_seek_page(OggVorbis_File *vf,
+       while(1){
+         result=ogg_stream_packetpeek(&vf->os,&op);
+         if(result==0){
+-          /* !!! the packet finishing this page originated on a
+-             preceding page. Keep fetching previous pages until we
+-             get one with a granulepos or without the 'continued' flag
+-             set.  Then just use raw_seek for simplicity. */
++          /* No packet returned; we exited the bisection with 'best'
++             pointing to a page with a granule position, so the packet
++             finishing this page ('best') originated on a preceding
++             page. Keep fetching previous pages until we get one with
++             a granulepos or without the 'continued' flag set.  Then
++             just use raw_seek for simplicity. */
+ 
+           result=_seek_helper(vf,best);
+           if(result<0) goto seek_error;
+ 
+-          while(1){
++          /* Do not rewind past the beginning of link data; if we do,
++             it's either a bug or a broken stream */
++          while(result>vf->dataoffsets[link]){
+             result=_get_prev_page(vf,&og);
+             if(result<0) goto seek_error;
+             if(ogg_page_serialno(&og)==vf->current_serialno &&
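Review bot: In the new `if(best == -1)` branch, `ogg_page_serialno(&og)` can read `og` before any page has been stored in it. `ogg_page og;` is declared without an initialiser, and the bisection loop is skipped when `begin>=end` or can exit through the `result<0` path without `_get_next_page` ever succeeding. A flag would make the precondition explicit: declare `int got_page=0;` next to `og`, set `got_page=1;` in the `else` branch that handles a returned page, and start the test with `if(got_page && begin == vf->dataoffsets[link] &&`. The assignment `vf->offset=result;` in the same branch has the same dependency, because `result` is whatever the last call returned. ov_pcm_seek_page begins and ends outside these hunks, so any initialisation of `og` in the elided lines should be confirmed.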
diff -Nru libvorbis-1.3.2/debian/patches/link-with-math-library.patch libvorbis-1.3.2/debian/patches/link-with-math-library.patch
--- libvorbis-1.3.2/debian/patches/link-with-math-library.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.2/debian/patches/link-with-math-library.patch	2014-10-14 09:28:33.000000000 +0200
@@ -0,0 +1,18 @@
+Description: Fix build failure with ld --no-add-needed
+ Make sure to link tests with -lm to fix linker error.
+Author: Matthias Klose <doko at ubuntu.com>
+Bug-Debian: http://bugs.debian.org/604797
+Reviewed-By: Petter Reinholdtsen <pere at debian.org>
+Last-Update: 2014-10-14
+
+--- libvorbis-1.3.2.orig/test/Makefile.am
++++ libvorbis-1.3.2/test/Makefile.am
+@@ -10,7 +10,7 @@ check: $(check_PROGRAMS)
+ 	./test$(EXEEXT)
+ 
+ test_SOURCES = util.c util.h write_read.c write_read.h test.c
+-test_LDADD = ../lib/libvorbisenc.la ../lib/libvorbis.la @OGG_LIBS@
++test_LDADD = ../lib/libvorbisenc.la ../lib/libvorbis.la @OGG_LIBS@ -lm
+ 
+ debug:
+ 	$(MAKE) all CFLAGS="@DEBUG@"
diff -Nru libvorbis-1.3.2/debian/patches/series libvorbis-1.3.2/debian/patches/series
--- libvorbis-1.3.2/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.2/debian/patches/series	2014-10-14 09:28:40.000000000 +0200
@@ -0,0 +1,4 @@
+link-with-math-library.patch
+floor-cve-2012-0444.patch
+sigfpe.patch
+hang.patch
diff -Nru libvorbis-1.3.2/debian/patches/sigfpe.patch libvorbis-1.3.2/debian/patches/sigfpe.patch
--- libvorbis-1.3.2/debian/patches/sigfpe.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.2/debian/patches/sigfpe.patch	2014-10-14 09:15:43.000000000 +0200
@@ -0,0 +1,20 @@
+Description: Avoid SIGFPE when bytespersample is zero
+Author: Daniel Exner <dex at dragonslave.de>
+Bug-Debian: http://bugs.debian.org/635906
+Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635906#15
+Forwarded: no
+Reviewed-By: Petter Reinholdtsen <pere at hungry.com>
+Last-Update: 2014-10-14
+
+--- libvorbis-1.3.2.orig/lib/vorbisfile.c
++++ libvorbis-1.3.2/lib/vorbisfile.c
+@@ -1902,7 +1980,8 @@ long ov_read_filter(OggVorbis_File *vf,c
+     long channels=ov_info(vf,-1)->channels;
+     long bytespersample=word * channels;
+     vorbis_fpu_control fpu;
+-    if(samples>length/bytespersample)samples=length/bytespersample;
++    if(bytespersample && samples>length/bytespersample)
++     samples=length/bytespersample;
+ 
+     if(samples <= 0)
+       return OV_EINVAL;
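Review bot: When `bytespersample` is zero the new condition only skips the clamp, so `samples` is no longer bounded by `length` and execution continues into the code after the hunk. Rejecting the call is safer than carrying on with a zero sample size: `if(bytespersample<=0) return OV_EINVAL;` placed before the comparison, which also covers a negative `word`. The existing `if(samples <= 0)` check presumably does not catch this case, since `samples` is left unchanged when the clamp is skipped. The body of ov_read_filter continues outside the hunk, so the effect on the later buffer writes is inferred rather than visible here.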
diff -Nru libvorbis-1.3.2/debian/source/format libvorbis-1.3.2/debian/source/format
--- libvorbis-1.3.2/debian/source/format	2014-10-14 09:35:23.000000000 +0200
+++ libvorbis-1.3.2/debian/source/format	2014-10-14 09:09:44.000000000 +0200
@@ -1 +1 @@
-1.0
+3.0 (quilt)
diff -Nru libvorbis-1.3.2/lib/floor1.c libvorbis-1.3.2/lib/floor1.c
--- libvorbis-1.3.2/lib/floor1.c	2014-10-14 09:35:23.000000000 +0200
+++ libvorbis-1.3.2/lib/floor1.c	2010-10-23 06:31:21.000000000 +0200
@@ -167,7 +167,6 @@
 
   for(j=0,k=0;j<info->partitions;j++){
     count+=info->class_dim[info->partitionclass[j]];
-    if(count>VIF_POSIT) goto err_out;
     for(;k<count;k++){
       int t=info->postlist[k+2]=oggpack_read(opb,rangebits);
       if(t<0 || t>=(1<<rangebits))
diff -Nru libvorbis-1.3.2/test/Makefile.am libvorbis-1.3.2/test/Makefile.am
--- libvorbis-1.3.2/test/Makefile.am	2014-10-14 09:35:23.000000000 +0200
+++ libvorbis-1.3.2/test/Makefile.am	2010-03-25 07:28:59.000000000 +0100
@@ -10,7 +10,7 @@
 	./test$(EXEEXT)
 
 test_SOURCES = util.c util.h write_read.c write_read.h test.c
-test_LDADD = ../lib/libvorbisenc.la ../lib/libvorbis.la @OGG_LIBS@ -lm
+test_LDADD = ../lib/libvorbisenc.la ../lib/libvorbis.la @OGG_LIBS@
 
 debug:
 	$(MAKE) all CFLAGS="@DEBUG@"
diff -Nru libvorbis-1.3.2/test/Makefile.in libvorbis-1.3.2/test/Makefile.in
--- libvorbis-1.3.2/test/Makefile.in	2014-10-14 09:35:23.000000000 +0200
+++ libvorbis-1.3.2/test/Makefile.in	2010-11-01 21:29:11.000000000 +0100
@@ -205,7 +205,7 @@
 AUTOMAKE_OPTIONS = foreign
 INCLUDES = -I$(top_srcdir)/include @OGG_CFLAGS@
 test_SOURCES = util.c util.h write_read.c write_read.h test.c
-test_LDADD = ../lib/libvorbisenc.la ../lib/libvorbis.la @OGG_LIBS@ -lm
+test_LDADD = ../lib/libvorbisenc.la ../lib/libvorbis.la @OGG_LIBS@
 all: all-am
 
 .SUFFIXES:

