Bug#774516: vorbis-tools: null pointer dereference
martin at steghoefer.eu
Sun Jan 4 16:28:09 UTC 2015
Forgot to CC the bug report itself. Here comes the message:
Martin Steghöfer wrote:
> reassign 774516 libvorbisfile3
> tags 774516 confirmed
> Hi Jakub,
> Thank you for the bug report!
> Jakub Wilk wrote:
>> Both oggdec and ogg123 crash on the attached file, trying to
>> dereference null pointer:
> Confirmed, I can reproduce this.
>> #0 0xf7f925a8 in vorbis_packet_blocksize (vi=0x804d2f0,
>> op=0xffff910c) at synthesis.c:168
>> #1 0xf7fb6b4d in _initial_pcmoffset (vf=0xffff92cc, vi=0x804d2f0) at
>> #2 0xf7fb8ec0 in _open_seekable2 (vf=0xffff92cc) at vorbisfile.c:625
>> #3 0xf7fb9117 in _ov_open2 (vf=0xffff92cc) at vorbisfile.c:941
>> #4 ov_open_callbacks (f=0x804d020, vf=0xffff92cc, initial=0x0,
>> ibytes=0, callbacks=...) at vorbisfile.c:997
>> #5 0x0804977a in decode_file (in=0x804d020, out=0xffff9098,
>> out at entry=0x804d188, infile=0xffffd88d "crash.ogg", outfile=0x804d008
>> "crash.wav") at oggdec.c:265
>> #6 0x08048d5f in main (argc=2, argv=0xffffd6b4) at oggdec.c:455
> Judging from this stacktrace and from the fact that your file crashes
> audacity, too, I'd say we're dealing with a problem in the decoder
> library. Reassigning to package libvorbis.
> I am going to look into this and/or forward it to upstream.
>> This bug was found using American fuzzy lop:
> Huh! Didn't know about this tool (although I've heard about the
> general concept of fuzzing to discover bugs). I will have to give it a
More information about the pkg-xiph-maint