Bug#782831: marked as done (libvorbis: use of non-initialized variable leads to SIGSEV in dhewm3)

Tue, 22 Sep 2015 05:52:03 -0700 

Your message dated Tue, 22 Sep 2015 12:49:48 +0000
with message-id <[email protected]>
and subject line Bug#782831: fixed in libvorbis 1.3.4-3
has caused the Debian Bug report #782831,
regarding libvorbis: use of non-initialized variable leads to SIGSEV in dhewm3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
782831: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782831
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: libvorbis-dev
Version: 1.3.4-2
Severity: normal

Dear Maintainer,

Please read for a background:  https://github.com/dhewm/dhewm3/issues/104

Short: dhewm3 calls ov_pcm_seek_page(), where an object of ogg_page (og) is 
created
on the heap, which seems should be initialized by the call to _get_next_page().
However the call to this function is not successful, returnin OV_EOF (-2) and
the result is that ogg_page is not initialized but still later used, even if 
the code
recognized that bisection fails (bisec==-1). However, it still accesses it in
the call to  ogg_page_serialno(&og) leading to a SEGV.

A special guard for this, first initializing og.header with NULL and checking 
for it later
makes the SIGSE'm unsure if this fix is "sane". With that disclaimer, here's 
the patch I used:

diff -Naur libvorbis-1.3.4/lib/vorbisfile.c libvorbis-1.3.4_/lib/vorbisfile.c  
--- libvorbis-1.3.4/lib/vorbisfile.c    2015-04-18 14:28:43.000000000 +0200
+++ libvorbis-1.3.4_/lib/vorbisfile.c   2015-04-18 14:04:34.262733024 +0200
@@ -1442,6 +1442,7 @@
     ogg_int64_t best=-1;
 
     ogg_page og;
+    og.header = 0;
     /* bisection loop */
     while(begin<end){
       ogg_int64_t bisect;
@@ -1550,6 +1551,11 @@
          bisection would 'fail' because our search target was before the
          first PCM granule position fencepost. */
 
+      if (!og.header) {
+         result = -1;
+         goto seek_error;
+      }
+
       if(begin == vf->dataoffsets[link] &&
          ogg_page_serialno(&og)==vf->serialnos[link]){
 


Please let me know how I can help...

--
tobi


-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvorbis-dev depends on:
ii  libogg-dev      1.3.2-1
ii  libvorbis0a     1.3.4-2
ii  libvorbisenc2   1.3.4-2
ii  libvorbisfile3  1.3.4-2

libvorbis-dev recommends no packages.

libvorbis-dev suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: libvorbis
Source-Version: 1.3.4-3

We believe that the bug you reported is fixed in the latest version of
libvorbis, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <[email protected]> (supplier of updated libvorbis package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 22 Sep 2015 14:30:24 +0200
Source: libvorbis
Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg
Architecture: source
Version: 1.3.4-3
Distribution: unstable
Urgency: low
Maintainer: Debian Xiph.org Maintainers <[email protected]>
Changed-By: Petter Reinholdtsen <[email protected]>
Description:
 libvorbis-dbg - debug files for Vorbis General Audio Compression Codec
 libvorbis-dev - development files for Vorbis General Audio Compression Codec
 libvorbis0a - decoder library for Vorbis General Audio Compression Codec
 libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec
 libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec
Closes: 774516 782831
Changes:
 libvorbis (1.3.4-3) unstable; urgency=low
 .
   [ Martin Steghöfer ]
   * Fix crash on corrupt input file (invalid mode index). (Closes: #774516)
   * Take into account error codes returned from
     "vorbis_packet_blocksize" in "_initial_pcmoffset" (follow-up
     problem related to #774516).  Thanks to Timothy B. Terriberry
   * Fix segmentation fault on two subsequent seeks to 0. (Closes: #782831)
 .
   [ Petter Reinholdtsen ]
   * Add debian/gbp.conf to enforce the user of pristine-tar.
Checksums-Sha1:
 93e59c70a89c685d48e75f4fc6376df635789d53 2395 libvorbis_1.3.4-3.dsc
 058c505b71d17ef8af3fb13cef91b82db772397f 14640 libvorbis_1.3.4-3.debian.tar.xz
Checksums-Sha256:
 34a977cf3ff7ad95171d08d2a057ad07d7b1a048c6ff6030cb6da82009e9be99 2395 
libvorbis_1.3.4-3.dsc
 5f6e1cd62f001fa9a3f5ed1e9fb601e32d8addf244e3f01d27ab85b13e74509e 14640 
libvorbis_1.3.4-3.debian.tar.xz
Files:
 5faba14886b486b01d283aed47a16381 2395 libs optional libvorbis_1.3.4-3.dsc
 d6664163c34443784b26f3c11f1084be 14640 libs optional 
libvorbis_1.3.4-3.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!

iQJ8BAEBCgBmBQJWAUzfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGM0REMDlGOERBODdEMURGNTA0NkM5OUIw
NjEyRjQ5NDRFQ0RDRDVBAAoJEAYS9JROzc1a5qwQALYft9m8omYS4cbkLMwGZcL3
dZrVni1XeSh8ZXMenzyiYptyVUu5zfolgV8IH4yZ1Xm1Hseu6T8OUEOk7ps920+t
p42PRZglgJ+njLQgkomQ4h05w0NrzyenESpQ/WeuE0C7ByFRxwqJsWKDRInsR0cZ
f9eFbrfMcLZpKeNJpEHlX60NsrmLkXTPhrv3/uSzLVCHWXWRq8ErfnFg0co7bYwO
p9qQ9wRd4NZ96Yg0oA7C/DylbsrBln/NXjwDaWKe5LTOCFE1rA9vVN/CvNLziyyr
h/03sRUXs7rQM2NS7eErpnOF9VJbEOQ7qihh7cBSYx3dZ8ZorextoYag+jIR0Bm7
iC0Zjd5eaBqYcT0wutnIZA9OLtBFLplCGWVEWR+zoqZcm14hDALx3LupQc1JQXDh
UblmWy84dD/EYheIbxem96jotxSqtxC6oueZsrwsIJwnaYO6Gon0PFFPnqlTY025
11xlK+wM0G4y0+RZKbc0t5ehEA48kRUr9OzmijTqEi+9/WsNIq293QIeRLmL8zT8
zCdZigK/1HmwBjwws+pY2q1sQbwkQL5HRxJfWy3UIsa1+vF9jvjoNcpk74BW6Azh
dc4IpIYBJb4HWjw0MAwXSxeqWT9b87X4aTA4uegtUAJsiixpYKXU2jAUxcInOjXN
+JBNhhLb4STEl+n/xarK
=NFhp
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to