Forgot to CC the bug report itself. Here comes the message:
Martin Steghöfer wrote:
reassign 774516 libvorbisfile3
tags 774516 confirmed
thanks
Hi Jakub,
Thank you for the bug report!
Jakub Wilk wrote:
Both oggdec and ogg123 crash on the attached file, trying to
dereference null pointer:
[...]
Confirmed, I can reproduce this.
#0 0xf7f925a8 in vorbis_packet_blocksize (vi=0x804d2f0, op=0xffff910c) at synthesis.c:168
#1 0xf7fb6b4d in _initial_pcmoffset (vf=0xffff92cc, vi=0x804d2f0) at vorbisfile.c:440
#2 0xf7fb8ec0 in _open_seekable2 (vf=0xffff92cc) at vorbisfile.c:625
#3 0xf7fb9117 in _ov_open2 (vf=0xffff92cc) at vorbisfile.c:941
#4 ov_open_callbacks (f=0x804d020, vf=0xffff92cc, initial=0x0, ibytes=0, callbacks=...) at vorbisfile.c:997
#5 0x0804977a in decode_file (in=0x804d020, out=0xffff9098, out@entry=0x804d188, infile=0xffffd88d "crash.ogg", outfile=0x804d008 "crash.wav") at oggdec.c:265
#6 0x08048d5f in main (argc=2, argv=0xffffd6b4) at oggdec.c:455
Judging from this stacktrace and from the fact that your file crashes
audacity, too, I'd say we're dealing with a problem in the decoder
library. Reassigning to package libvorbis.
I am going to look into this and/or forward it to upstream.
This bug was found using American fuzzy lop:
https://packages.debian.org/experimental/afl
Huh! Didn't know about this tool (although I've heard about the
general concept of fuzzing to discover bugs). I will have to give it a
spin...
Cheers,
Martin