Bug#782831: libvorbis: use of non-initialized variable leads to SIGSEV in dhewm3
Tobias Frost
tobi at debian.org
Sat Apr 18 12:31:00 UTC 2015
Package: libvorbis-dev
Version: 1.3.4-2
Severity: normal
Dear Maintainer,
Please read for a background: https://github.com/dhewm/dhewm3/issues/104
Short: dhewm3 calls ov_pcm_seek_page(), where an object of ogg_page (og) is created
on the heap, which it seems should be initialized by the call to _get_next_page().
However the call to this function is not successful, returning OV_EOF (-2) and
the result is that ogg_page is not initialized but still later used, even if the code
recognized that bisection fails (bisec==-1). However, it still accesses it in
the call to ogg_page_serialno(&og) leading to a SEGV.
A special guard for this, first initializing og.header with NULL and checking for it later
makes the SIGSE'm unsure if this fix is "sane". With that disclaimer, here's the patch I used:
diff -Naur libvorbis-1.3.4/lib/vorbisfile.c libvorbis-1.3.4_/lib/vorbisfile.c
--- libvorbis-1.3.4/lib/vorbisfile.c 2015-04-18 14:28:43.000000000 +0200
+++ libvorbis-1.3.4_/lib/vorbisfile.c 2015-04-18 14:04:34.262733024 +0200
@@ -1442,6 +1442,7 @@
ogg_int64_t best=-1;
ogg_page og;
+ og.header = 0;
/* bisection loop */
while(begin<end){
ogg_int64_t bisect;
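Review bot: `og.header = 0;` sets only one member of `og`, so every other member of the `ogg_page` is still indeterminate when the bisection loop starts, and the assignment carries no comment saying that `header` now doubles as a "no page was read" flag. Zeroing the whole struct, for example `memset(&og, 0, sizeof(og));`, with a one-line comment on its purpose would be more robust. Note also that the flag is only trustworthy if no path in the loop can leave a stale non-NULL `header` behind after a later read fails; that should be confirmed against the loop body, which this hunk does not show.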
@@ -1550,6 +1551,11 @@
bisection would 'fail' because our search target was before the
first PCM granule position fencepost. */
+ if (!og.header) {
+ result = -1;
+ goto seek_error;
+ }
+
if(begin == vf->dataoffsets[link] &&
ogg_page_serialno(&og)==vf->serialnos[link]){
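Review bot: the new `if (!og.header)` block sits between the comment ending "first PCM granule position fencepost. */" and the `if(begin == vf->dataoffsets[link] &&` test that the comment documents, so the comment now appears to describe the guard. Move the guard above that comment and give it its own short comment. `result = -1;` is a bare number; a named OV_* code would tell callers what failed (the report says `_get_next_page()` returned OV_EOF). It would also be cleaner to check that return value where the call is made instead of inferring the failure from `og.header` here. Minor style point: `if (!og.header) {` uses different spacing from the surrounding `if(begin ==` code.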
Please let me know how I can help...
--
tobi
-- System Information:
Debian Release: 8.0
APT prefers testing-updates
APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libvorbis-dev depends on:
ii libogg-dev 1.3.2-1
ii libvorbis0a 1.3.4-2
ii libvorbisenc2 1.3.4-2
ii libvorbisfile3 1.3.4-2
libvorbis-dev recommends no packages.
libvorbis-dev suggests no packages.
-- no debconf information
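The failure mode described in the report, as an added C sketch that is not part of the original message or of libvorbis: a page struct is only filled when the read succeeds, so the accessor must not run after a failed read. All `demo_*` names, the error codes and the 18-byte page are hypothetical stand-ins; the serial number offset (14) follows the Ogg page header layout.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_EOF   (-2)  /* same value the report quotes for OV_EOF */
#define DEMO_EREAD (-1)  /* hypothetical error code for this sketch */

/* Hypothetical stand-ins for ogg_page and the input stream. */
typedef struct { const unsigned char *header; size_t header_len; } demo_page;
typedef struct { const unsigned char *data; size_t len, pos; } demo_stream;

/* Fills *pg only on success; on EOF *pg is left untouched, which is the
   behaviour the report describes for _get_next_page(). */
static int demo_get_next_page(demo_stream *s, demo_page *pg) {
    if (s->len - s->pos < 18) return DEMO_EOF;
    pg->header = s->data + s->pos;
    pg->header_len = 18;
    s->pos += 18;
    return 0;
}

/* Reads the 32-bit little-endian serial number at header offset 14. */
static unsigned long demo_page_serialno(const demo_page *pg) {
    const unsigned char *h = pg->header;
    return h[14] | (h[15] << 8) | (h[16] << 16) | ((unsigned long)h[17] << 24);
}

/* Zero the whole page, remember whether a read succeeded, and never pass
   the page to the accessor unless one did. */
static int demo_first_serialno(demo_stream *s, unsigned long *serial_out) {
    demo_page pg;
    int got_page;
    memset(&pg, 0, sizeof pg);
    got_page = (demo_get_next_page(s, &pg) == 0);
    if (!got_page || pg.header == NULL) return DEMO_EREAD;
    *serial_out = demo_page_serialno(&pg);
    return 0;
}

int main(void) {
    unsigned char hdr[18] = {0};          /* constructed sample header */
    demo_stream full, empty;
    unsigned long serial = 0;
    hdr[14] = 0x78; hdr[15] = 0x56; hdr[16] = 0x34; hdr[17] = 0x12;
    full.data = hdr; full.len = sizeof hdr; full.pos = 0;
    empty.data = hdr; empty.len = 0; empty.pos = 0;
    printf("full:  rc=%d\n", demo_first_serialno(&full, &serial));
    printf("empty: rc=%d\n", demo_first_serialno(&empty, &serial));
    return 0;
}
```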