Bug#774516: vorbis-tools: null pointer dereference
Jakub Wilk
jwilk at debian.org
Sat Jan 3 20:24:32 UTC 2015
Package: vorbis-tools
Version: 1.4.0-6
Usertags: afl
Both oggdec and ogg123 crash on the attached file, trying to dereference
a null pointer:
$ oggdec crash.ogg
oggdec from vorbis-tools 1.4.0
Segmentation fault
$ ogg123 crash.ogg
Audio Device: Advanced Linux Sound Architecture (ALSA) output
Segmentation fault
Backtrace:
#0 0xf7f925a8 in vorbis_packet_blocksize (vi=0x804d2f0, op=0xffff910c) at synthesis.c:168
#1 0xf7fb6b4d in _initial_pcmoffset (vf=0xffff92cc, vi=0x804d2f0) at vorbisfile.c:440
#2 0xf7fb8ec0 in _open_seekable2 (vf=0xffff92cc) at vorbisfile.c:625
#3 0xf7fb9117 in _ov_open2 (vf=0xffff92cc) at vorbisfile.c:941
#4 ov_open_callbacks (f=0x804d020, vf=0xffff92cc, initial=0x0, ibytes=0, callbacks=...) at vorbisfile.c:997
#5 0x0804977a in decode_file (in=0x804d020, out=0xffff9098, out@entry=0x804d188, infile=0xffffd88d "crash.ogg", outfile=0x804d008 "crash.wav") at oggdec.c:265
#6 0x08048d5f in main (argc=2, argv=0xffffd6b4) at oggdec.c:455
This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages vorbis-tools depends on:
ii libao4 1.1.0-3
ii libc6 2.19-13
ii libcurl3-gnutls 7.38.0-3
ii libflac8 1.3.0-3
ii libogg0 1.3.2-1
ii libspeex1 1.2~rc1.2-1
ii libvorbis0a 1.3.4-2
ii libvorbisenc2 1.3.4-2
ii libvorbisfile3 1.3.4-2
--
Jakub Wilk