Bug#774516: vorbis-tools: null pointer dereference

Martin Steghöfer martin at steghoefer.eu
Sun Jan 4 16:28:09 UTC 2015


Forgot to CC the bug report itself. Here comes the message:


Martin Steghöfer wrote:
> reassign 774516 libvorbisfile3
> tags 774516 confirmed
> thanks
>
>
> Hi Jakub,
>
> Thank you for the bug report!
>
>
> Jakub Wilk wrote:
>> Both oggdec and ogg123 crash on the attached file, trying to 
>> dereference a null pointer:
>>
>> [...]
>
> Confirmed, I can reproduce this.
>
>> #0  0xf7f925a8 in vorbis_packet_blocksize (vi=0x804d2f0, op=0xffff910c) at synthesis.c:168
>> #1  0xf7fb6b4d in _initial_pcmoffset (vf=0xffff92cc, vi=0x804d2f0) at vorbisfile.c:440
>> #2  0xf7fb8ec0 in _open_seekable2 (vf=0xffff92cc) at vorbisfile.c:625
>> #3  0xf7fb9117 in _ov_open2 (vf=0xffff92cc) at vorbisfile.c:941
>> #4  ov_open_callbacks (f=0x804d020, vf=0xffff92cc, initial=0x0, ibytes=0, callbacks=...) at vorbisfile.c:997
>> #5  0x0804977a in decode_file (in=0x804d020, out=0xffff9098, out@entry=0x804d188, infile=0xffffd88d "crash.ogg", outfile=0x804d008 "crash.wav") at oggdec.c:265
>> #6  0x08048d5f in main (argc=2, argv=0xffffd6b4) at oggdec.c:455
>
> Judging from this stacktrace and from the fact that your file crashes 
> audacity, too, I'd say we're dealing with a problem in the decoder 
> library. Reassigning to package libvorbis.
>
> I am going to look into this and/or forward it to upstream.
>
>> This bug was found using American fuzzy lop:
>> https://packages.debian.org/experimental/afl
>
> Huh! Didn't know about this tool (although I've heard about the 
> general concept of fuzzing to discover bugs). I will have to give it a 
> spin...
>
> Cheers,
> Martin
>
>