Your message dated Thu, 13 Nov 2014 22:10:47 +0000
with message-id <[email protected]>
and subject line Re: Bug#769479: unblock: libvorbis/1.3.4-2 (fix invalid memory access)
has caused the Debian Bug report #769479,
regarding unblock: libvorbis/1.3.4-2 (fix invalid memory access)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
769479: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769479
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
User: [email protected]
Usertags: unblock
Severity: normal
Please unblock package libvorbis. The version 1.3.4-2, currently in
unstable, fixes bug #716613, which is about an access to invalid memory
by the encoding library of libvorbis. The bug has the potential to crash
applications that use libvorbis with a segfault, if the application
doesn't have additional sanity checks in place that go beyond checking
libvorbis' return values.
The changelog entry for 1.3.4-2:
[ Martin Steghöfer ]
* Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716613>)
Please find attached a debdiff between the version in testing (1.3.4-1)
and the version to unblock (1.3.4-2).
Thanks!
Martin
unblock libvorbis/1.3.4-2
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru libvorbis-1.3.4/debian/changelog libvorbis-1.3.4/debian/changelog
--- libvorbis-1.3.4/debian/changelog 2014-10-24 20:15:54.000000000 +0200
+++ libvorbis-1.3.4/debian/changelog 2014-11-04 12:09:32.000000000 +0100
@@ -1,3 +1,11 @@
+libvorbis (1.3.4-2) unstable; urgency=low
+
+ [ Martin Steghöfer ]
+ * Add sampling rate sanity check to avoid invalid memory access.
+ (Closes: #716613)
+
+ -- Petter Reinholdtsen <[email protected]> Mon, 03 Nov 2014 09:08:25 +0100
+
libvorbis (1.3.4-1) unstable; urgency=medium
[ Martin Steghöfer ]
diff -Nru
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
---
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
1970-01-01 01:00:00.000000000 +0100
+++
libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
2014-11-04 12:09:32.000000000 +0100
@@ -0,0 +1,38 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <[email protected]>
+Date: Mon, 27 Oct 2014 22:06:15 +0100
+Subject: Add sampling rate sanity check to avoid invalid memory access.
+
+Bug-Debian: https://bugs.debian.org/716613
+
+Input files with sampling rate 0 are useless and can make
+libvorbis access invalid memory because the logic in
+_vp_psy_init (and probably other functions) isn't prepared for
+it. A sanity check lets the library refuse those inputs
+gracefully in the initialization functions before they can
+do harm.
+---
+ lib/vorbisenc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index f0f7c08..afd1bff 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -903,6 +903,8 @@ int vorbis_encode_setup_vbr(vorbis_info *vi,
+ long channels,
+ long rate,
+ float quality){
++ if(rate <= 0) return OV_EINVAL;
++
+ codec_setup_info *ci=vi->codec_setup;
+ highlevel_encode_setup *hi=&ci->hi;
+
+@@ -948,6 +950,8 @@ int vorbis_encode_setup_managed(vorbis_info *vi,
+ long nominal_bitrate,
+ long min_bitrate){
+
++ if(rate <= 0) return OV_EINVAL;
++
+ codec_setup_info *ci=vi->codec_setup;
+ highlevel_encode_setup *hi=&ci->hi;
+ double tnominal=nominal_bitrate;
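Review bot: in both hunks of lib/vorbisenc.c the new statement `if(rate <= 0) return OV_EINVAL;` is inserted before the declarations `codec_setup_info *ci=vi->codec_setup;` and `highlevel_encode_setup *hi=&ci->hi;`, so a statement now precedes declarations in the block; the surrounding code keeps declarations at the top of each block, and mixing them this way is only valid from C99 on. Declare `ci` and `hi` first (and `tnominal` in vorbis_encode_setup_managed), then test `rate`, then assign them, or move the check to just after the existing declarations. The same signatures take a `channels` argument that receives no equivalent sanity check; since the description above says functions other than _vp_psy_init are probably also unprepared for degenerate parameters, a `channels <= 0` test next to the rate test would be cheap to add in the same patch. The placement is otherwise right: both public setup entry points reject the value before any `ci`/`hi` state is touched, and because `rate` is a `long` the `<= 0` test also rejects negative values.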
diff -Nru libvorbis-1.3.4/debian/patches/series
libvorbis-1.3.4/debian/patches/series
--- libvorbis-1.3.4/debian/patches/series 2014-10-24 20:15:54.000000000
+0200
+++ libvorbis-1.3.4/debian/patches/series 2014-11-04 12:09:32.000000000
+0100
@@ -1,3 +1,4 @@
0001-Fix-build-failure-with-DSO-link-changes.patch
0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch
0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch
+0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
--- End Message ---
--- Begin Message ---
On Thu, 2014-11-13 at 22:54 +0100, Martin Steghöfer wrote:
> Please unblock package libvorbis. The version 1.3.4-2, currently in
> unstable, fixes bug #716613, which is about an access to invalid memory
> by the encoding library of libvorbis. The bug has the potential to crash
> applications that use libvorbis with a segfault, if the application
> doesn't have additional sanity checks in place that go beyond checking
> libvorbis' return values.
Unblocked.
Regards,
Adam
--- End Message ---