I reviewed opus version 1.0.1-0ubuntu1 as checked into Saucy. This should
not be considered a full security audit, but a quick gauge of code
quality.

- opus is a low-latency audio codec, it provides a library that can be
  used by applications needing RFC 6716 support
- No cryptography
- Does not itself perform networking, input may be from a network
- Build-Depends on doxygen
- Does not daemonize
- May run as a system user if linked into an appropriate application
- No initscripts
- No dbus
- No setuid
- No privileged portions of code
- No udev rules
- No sudo fragments
- No cron jobs
- Good test suite run at build, malloc check and valgrind integration
  available
- Clean build logs

Lintian warnings:
W: libopus0: possible-new-upstream-release-without-new-version
W: libopus-doc: possible-new-upstream-release-without-new-version
W: libopus-doc: embedded-javascript-library usr/share/doc/libopus-doc/html/jquery.js
W: opus source: outdated-autotools-helper-file config.guess 2012-01-01
W: opus source: outdated-autotools-helper-file config.sub 2012-01-01
W: opus source: out-of-date-standards-version 3.9.3.1 (current is 3.9.4)

- No subprocesses spawned
- Extensive explicit memory management, most of it looked safe; some
  aspects of relying upon codec state for the size of data copies aren't
  wonderful, as the amount of data being copied may be quite difficult to
  discover when performing maintenance
- Encouraging assert() macros throughout much of the codebase
- Demo programs do file IO only on command-line argument files
- Logging looked safe
- Environment variables used only during test suites, not investigated
- No privileged portions of code
- No cryptography
- No networking
- No temporary file handling
- No webkit
- No qtjsbackend
- No policykit

While the coding style of this library was at times grating, it looked
well-programmed with good defensive checks throughout, and the test suite
looked extensive.

As a codec, it does depend heavily upon expert knowledge to fix
codec-level bugs, so we would be reliant upon upstream for many potential
fixes.

Some notes I took while reading the code, in the hopes that someone finds
them useful:

- opus_demo.c casts return value from malloc(3), disabling warnings
- ./celt/opus_custom_demo.c integer overflows and unchecked malloc(3)
  returns:
   in = (opus_int16*)malloc(frame_size*channels*sizeof(opus_int16));
   out = (opus_int16*)malloc(frame_size*channels*sizeof(opus_int16));
- Casts in opus_fft_free() appear to defeat const-correctness, why?

Security team ACK for including in main.

Thanks

** Changed in: opus (Ubuntu Saucy)
     Assignee: Seth Arnold (seth-arnold) => (unassigned)
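The unchecked allocation pattern noted for opus_custom_demo.c, shown next to an overflow-checked alternative, as an added example that is not code from opus or from this review (`unchecked_pcm_bytes`, `checked_pcm_bytes` and `alloc_pcm_buffer` are hypothetical helper names; `opus_int16` is re-declared locally):

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

typedef int16_t opus_int16;   /* local stand-in for the typedef in opus_types.h (assumption) */

/* The pattern the review flags, reproduced for comparison only:
   frame_size*channels is a signed int product that can overflow (undefined
   behaviour), and a negative result silently converts to a huge size_t. */
size_t unchecked_pcm_bytes(int frame_size, int channels)
{
    return frame_size * channels * sizeof(opus_int16);
}

/* Hypothetical hardened size computation: rejects non-positive counts and
   any product that would not fit in size_t. Returns 1 on success and writes
   the byte count, 0 when the request is invalid or would overflow. */
int checked_pcm_bytes(int frame_size, int channels, size_t *out_bytes)
{
    if (frame_size <= 0 || channels <= 0 || out_bytes == NULL)
        return 0;
    size_t fs = (size_t)frame_size, ch = (size_t)channels;
    if (fs > SIZE_MAX / ch)                       /* fs*ch would wrap */
        return 0;
    size_t samples = fs * ch;
    if (samples > SIZE_MAX / sizeof(opus_int16))  /* samples*2 would wrap */
        return 0;
    *out_bytes = samples * sizeof(opus_int16);
    return 1;
}

/* Hypothetical replacement for the demo's two malloc calls: no cast on the
   malloc() result (so a missing <stdlib.h> still produces a diagnostic), and
   NULL is returned both when the size is invalid and when malloc() fails, so
   the caller has a single condition to check. */
opus_int16 *alloc_pcm_buffer(int frame_size, int channels)
{
    size_t bytes;
    if (!checked_pcm_bytes(frame_size, channels, &bytes))
        return NULL;
    return malloc(bytes);
}
```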

https://bugs.launchpad.net/bugs/1196967

Title:
  [MIR] opus (b-d of jackd2)
