Bug#802393: libvorbisfile3: ov_raw_total() ignores the size of the last page

[Martin Steghöfer]

Package: libvorbisfile3
Version: 1.3.4-3
Severity: normal
Tags: confirmed


The maintainers of the package "libogg-vorbis-decoder-perl" discovered 
that the return value of "ov_raw_total()" with i==-1 changed after the 
upgrade from libvorbisfile3 1.3.4-2 to 1.3.4-3, which breaks their test 
case. See #801610 for further information.

Indeed, their test case seems to be correct and the new libvorbisfile3 
version returns an incorrect value. The problem was introduced by 
backported upstream fixes for #782831. Those fixes are also present 
(without modification) in the recent 1.3.5 upstream release and testing 
confirmed that 1.3.5 has the same problem. So the bug is not 
Debian-specific and the fix should therefore be coordinated with the 
upstream developers.

My analysis showed that the returned value is the difference between the 
offset of the last page and the offset of the first page of the logical 
bitstream. However, in order to comply with the specification, it should 
be the difference between the first byte *after* the last page and the 
offset of the first page. So the returned value is missing the size of 
the last page.

The problem can be fixed by simply changing the line

   if(_bisect_forward_serialno(vf,0,dataoffset,end,endgran,endserial, 
vf->serialnos+2,vf->serialnos[1],0)<0)return(OV_EREAD);

in vorbisfile.c to

if(_bisect_forward_serialno(vf,0,dataoffset,vf->end,endgran,endserial, 
vf->serialnos+2,vf->serialnos[1],0)<0)return(OV_EREAD);

However, since I find the bisection code relatively confusing, I'm not 
entirely sure that this won't break anything else (especially for the 
case of having multiple links). So I am going to propose this fix to 
upstream and wait for feedback before submitting a patch to the Debian 
package.