
Bug#769479: unblock: libvorbis/1.3.4-2 (fix invalid memory access)



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal

Please unblock package libvorbis. The version 1.3.4-2, currently in unstable, fixes bug #716613, which is about an access to invalid memory by the encoding library of libvorbis. The bug has the potential to crash applications that use libvorbis with a segfault, if the application doesn't have additional sanity checks in place that go beyond checking libvorbis' return values.

The changelog entry for 1.3.4-2:

   [ Martin Steghöfer ]
   * Add sampling rate sanity check to avoid invalid memory access.
     (Closes: #716613  <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716613>)


Please find attached a debdiff between the version in testing (1.3.4-1) and the version to unblock (1.3.4-2).

Thanks!
Martin


unblock libvorbis/1.3.4-2

-- System Information:
Debian Release: 7.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru libvorbis-1.3.4/debian/changelog libvorbis-1.3.4/debian/changelog
--- libvorbis-1.3.4/debian/changelog	2014-10-24 20:15:54.000000000 +0200
+++ libvorbis-1.3.4/debian/changelog	2014-11-04 12:09:32.000000000 +0100
@@ -1,3 +1,11 @@
+libvorbis (1.3.4-2) unstable; urgency=low
+
+  [ Martin Steghöfer ]
+  * Add sampling rate sanity check to avoid invalid memory access.
+    (Closes: #716613)
+
+ -- Petter Reinholdtsen <pere@debian.org>  Mon, 03 Nov 2014 09:08:25 +0100
+
 libvorbis (1.3.4-1) unstable; urgency=medium
 
   [ Martin Steghöfer ]
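Review bot: the new 1.3.4-2 entry is marked urgency=low, while the 1.3.4-1 entry directly below it was urgency=medium, even though this upload fixes an invalid memory access that can crash callers. If the fix is meant to reach testing promptly, please confirm that low is intended. The entry could also name the patch it adds (0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch) so the changelog points at what changed.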
diff -Nru libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
--- libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch	1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch	2014-11-04 12:09:32.000000000 +0100
@@ -0,0 +1,38 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <martin@steghoefer.eu>
+Date: Mon, 27 Oct 2014 22:06:15 +0100
+Subject: Add sampling rate sanity check to avoid invalid memory access.
+
+Bug-Debian: https://bugs.debian.org/716613
+
+Input files with sampling rate 0 are useless and can make
+libvorbis access invalid memory because the logic in
+_vp_psy_init (and probably other functions) isn't prepared for
+it. A sanity check lets the library refuse those inputs
+gracefully in the initialization functions before they can
+do harm.
+---
+ lib/vorbisenc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index f0f7c08..afd1bff 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -903,6 +903,8 @@ int vorbis_encode_setup_vbr(vorbis_info *vi,
+                             long  channels,
+                             long  rate,
+                             float quality){
++  if(rate <= 0) return OV_EINVAL;
++
+   codec_setup_info *ci=vi->codec_setup;
+   highlevel_encode_setup *hi=&ci->hi;
+ 
+@@ -948,6 +950,8 @@ int vorbis_encode_setup_managed(vorbis_info *vi,
+                                 long nominal_bitrate,
+                                 long min_bitrate){
+ 
++  if(rate <= 0) return OV_EINVAL;
++
+   codec_setup_info *ci=vi->codec_setup;
+   highlevel_encode_setup *hi=&ci->hi;
+   double tnominal=nominal_bitrate;
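Review bot: in both vorbis_encode_setup_vbr and vorbis_encode_setup_managed the added "if(rate <= 0) return OV_EINVAL;" is placed ahead of the "codec_setup_info *ci=vi->codec_setup;" and "highlevel_encode_setup *hi=&ci->hi;" declarations, so a statement now precedes declarations in the same block. Strict C89 compilers reject that and builds using -Wdeclaration-after-statement warn on it. The initializers shown do not depend on rate, so the check can move to just below the declarations without changing behaviour. Separately, the patch description says the problem is in "_vp_psy_init (and probably other functions)" but the guard is added only at these two setup entry points; the description should state whether every encoder initialization path that takes a rate passes through one of them, and any path that does not should get the same check.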
diff -Nru libvorbis-1.3.4/debian/patches/series libvorbis-1.3.4/debian/patches/series
--- libvorbis-1.3.4/debian/patches/series	2014-10-24 20:15:54.000000000 +0200
+++ libvorbis-1.3.4/debian/patches/series	2014-11-04 12:09:32.000000000 +0100
@@ -1,3 +1,4 @@
 0001-Fix-build-failure-with-DSO-link-changes.patch
 0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch
 0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch
+0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
