Bug#775959: [Fwd: Bug#775959: Patch for this issue]

2015-02-22 Thread Fabian Greffrath 
Hi Rogerio,

Am Samstag, den 21.02.2015, 20:37 -0200 schrieb Rogério Brito: 
> I just applied the patch. If you have more, please send them my way.

Oh, yes, I have. A lot has happened in the past weeks.

1) Fix a crash in the frontend if (bits_per_sample < 0):
http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/?id=2b84d36c2d864e6578d228ff1f30dc57309d6a2c

2) Fix a crash if the ratio between input and output sample rate is very
close to an integer:
http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/?id=bcf5295dd99c3e0a2eb2bd0717a239c459310093

3) Extend Maks' patch to also error out if (num_channels < 0):
http://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/?id=1c7c62d3c5614443524b5ad170ba2713a14d4e09

These patches fix all the bugs triggered by fuzzed samples reported
against the lame package so far.

- Fabian

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#775959: [Fwd: Bug#775959: Patch for this issue]

2015-02-21 Thread Rogério Brito 
Hi there, Fabian and Maks.

On Jan 22 2015, Fabian Greffrath wrote:
> would you apply the attached patch, courtesy of Maks Naumov, to LAME
> upstream?

I just applied the patch. If you have more, please send them my way.


Thanks for letting me know,

-- 
Rogério Brito : rbrito@{ime.usp.br,gmail.com} : GPG key 4096R/BCFC
http://cynic.cc/blog/ : github.com/rbrito : profiles.google.com/rbrito
DebianQA: http://qa.debian.org/developer.php?login=rbrito%40ime.usp.br

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers

Bug#775959: [Fwd: Bug#775959: Patch for this issue]

2015-01-22 Thread Fabian Greffrath 
Hi Rogerio,

would you apply the attached patch, courtesy of Maks Naumov, to LAME
upstream?

Thanks!

Cheers,

Fabian

Am Donnerstag, den 22.01.2015, 00:05 +0100 schrieb Jakub Wilk:
Package: lame
> Version: 3.99.5+repack1-5
> Usertags: afl
> 
> lame crashes while trying compress the attached WAV file, which 
> apparently has bogus sample rate:
> 
> $ lame crash.wav
> LAME 3.99.5 32bits (http://lame.sf.net)
> CPU features: MMX (ASM used), 3DNow! (ASM used), SSE (ASM used), SSE2
> Resampling:  input -2.14748e+06 kHz  output 8 kHz
> Using polyphase lowpass filter, transition band:  3000 Hz -  3097 Hz
> Encoding crash.wav to crash.mp3
> Encoding as 8 kHz single-ch MPEG-2.5 Layer III (16x)   8 kbps qval=3
> Frame  |  CPU time/estim | REAL time/estim | play/CPU |
ETA
>  0/   ( 0%)|0:00/ :  |0:00/ :  | x|
> :
>
00:00--
>kbps  % %
> 0.0   Segmentation fault
> 
> 
> This bug was found using American fuzzy lop:
> https://packages.debian.org/experimental/afl
> 
> Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the 
> first crash (which took a few seconds). It's likely that extensive 
> fuzzing would uncover more interesting crashers. I'd encourage LAME 
> maintainers to perform fuzzing with AFL on their own. :-)
> 
> 
> -- System Information:
> Debian Release: 8.0
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
> 
> Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> 
> Versions of packages lame depends on:
> ii  libc62.19-13
> ii  libmp3lame0  3.99.5+repack1-5
> ii  libncurses5  5.9+20140913-1+b1
> ii  libtinfo55.9+20140913-1+b1
> 
> ___
> pkg-multimedia-maintainers mailing list
> pkg-multimedia-maintainers@lists.alioth.debian.org
>
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
> 

 Weitergeleitete Nachricht 
Von: Maks Naumov 
Reply-to: Maks Naumov , 775...@bugs.debian.org
An: 775...@bugs.debian.org
Betreff: Bug#775959: Patch for this issue
Datum: Thu, 22 Jan 2015 16:22:50 +0200

Need to check for input sample rate.

From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
From: Maks Naumov 
Date: Thu, 22 Jan 2015 16:20:40 +0200
Subject: [PATCH] Add check for invalid input sample rate

Signed-off-by: Maks Naumov 
---
 libmp3lame/lame.c | 6 ++
 1 file changed, 6 insertions(+)

diff --git a/libmp3lame/lame.c b/libmp3lame/lame.c
index 5989160..51d689c 100644
--- a/libmp3lame/lame.c
+++ b/libmp3lame/lame.c
@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp)
 }
 #endif
 
+if (gfp->samplerate_in < 0) {
+freegfc(gfc);
+gfp->internal_flags = NULL;
+return -1;
+}
+
 cfg->disable_reservoir = gfp->disable_reservoir;
 cfg->lowpassfreq = gfp->lowpassfreq;
 cfg->highpassfreq = gfp->highpassfreq;
-- 
1.9.4.msysgit.1

___
pkg-multimedia-maintainers mailing list
pkg-multimedia-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers