# HG changeset patch
# User Darren Salt <linux@youmustbejoking.demon.co.uk>
# Date 1218114232 -3600
# Node ID 967a8e515380c0c9b9858125a054082145002d00
# Parent  7370eb843ea2b3bbf89936101228b9dd837c7f0b
Fix crashes with fuzzed Ogg files. (CVE-2008-3231)

diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@ xine-lib (1.1.15) 2008-??-??
 xine-lib (1.1.15) 2008-??-??
+  * Security fixes:
+    - Fix crashes with corrupted Ogg files. (CVE-2008-3231)
   * Use external ffmpeg by default.
   * V4L: Don't segfault if asked for an input that doesn't exist
   * Recognise AMR audio (normally found in 3GP files).
diff --git a/src/demuxers/demux_ogg.c b/src/demuxers/demux_ogg.c
--- a/src/demuxers/demux_ogg.c
+++ b/src/demuxers/demux_ogg.c
@@ -1357,7 +1357,7 @@ static void send_header (demux_ogg_t *th
   this->ignore_keyframes = 0;
 
   while (!done) {
-    if (!read_ogg_packet(this)) {
+    if (!read_ogg_packet(this) || !this->og.header || !this->og.body) {
       return;
     }
     /* now we've got at least one new page */
@@ -1478,6 +1478,12 @@ static int demux_ogg_send_chunk (demux_p
   llprintf(DEBUG_PACKETS, "send package...\n");
 
   if (!read_ogg_packet(this)) {
+    this->status = DEMUX_FINISHED;
+    lprintf ("EOF\n");
+    return this->status;
+  }
+
+  if (!this->og.header || !this->og.body) {
     this->status = DEMUX_FINISHED;
     lprintf ("EOF\n");
     return this->status;