--- Begin Message ---
Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: unblock
Severity: normal
Please unblock package libvorbis. The version 1.3.4-2, currently in
unstable, fixes bug #716613, which is about an access to invalid memory
by the encoding library of libvorbis. The bug has the potential to crash
applications that use libvorbis with a segfault, if the application
doesn't have additional sanity checks in place that go beyond checking
libvorbis' return values.
The changelog entry for 1.3.4-2:
[ Martin Steghöfer ]
* Add sampling rate sanity check to avoid invalid memory access.
(Closes: #716613 <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=716613>)
Please find attached a debdiff between the version in testing (1.3.4-1)
and the version to unblock (1.3.4-2).
Thanks!
Martin
unblock libvorbis/1.3.4-2
-- System Information:
Debian Release: 7.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
diff -Nru libvorbis-1.3.4/debian/changelog libvorbis-1.3.4/debian/changelog
--- libvorbis-1.3.4/debian/changelog 2014-10-24 20:15:54.000000000 +0200
+++ libvorbis-1.3.4/debian/changelog 2014-11-04 12:09:32.000000000 +0100
@@ -1,3 +1,11 @@
+libvorbis (1.3.4-2) unstable; urgency=low
+
+ [ Martin Steghöfer ]
+ * Add sampling rate sanity check to avoid invalid memory access.
+ (Closes: #716613)
+
+ -- Petter Reinholdtsen <pere@debian.org> Mon, 03 Nov 2014 09:08:25 +0100
+
libvorbis (1.3.4-1) unstable; urgency=medium
[ Martin Steghöfer ]
diff -Nru libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
--- libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch 1970-01-01 01:00:00.000000000 +0100
+++ libvorbis-1.3.4/debian/patches/0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch 2014-11-04 12:09:32.000000000 +0100
@@ -0,0 +1,38 @@
+From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <martin@steghoefer.eu>
+Date: Mon, 27 Oct 2014 22:06:15 +0100
+Subject: Add sampling rate sanity check to avoid invalid memory access.
+
+Bug-Debian: https://bugs.debian.org/716613
+
+Input files with sampling rate 0 are useless and can make
+libvorbis access invalid memory because the logic in
+_vp_psy_init (and probably other functions) isn't prepared for
+it. A sanity check lets the library refuse those inputs
+gracefully in the initialization functions before they can
+do harm.
+---
+ lib/vorbisenc.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
+index f0f7c08..afd1bff 100644
+--- a/lib/vorbisenc.c
++++ b/lib/vorbisenc.c
+@@ -903,6 +903,8 @@ int vorbis_encode_setup_vbr(vorbis_info *vi,
+ long channels,
+ long rate,
+ float quality){
++ if(rate <= 0) return OV_EINVAL;
++
+ codec_setup_info *ci=vi->codec_setup;
+ highlevel_encode_setup *hi=&ci->hi;
+
+@@ -948,6 +950,8 @@ int vorbis_encode_setup_managed(vorbis_info *vi,
+ long nominal_bitrate,
+ long min_bitrate){
+
++ if(rate <= 0) return OV_EINVAL;
++
+ codec_setup_info *ci=vi->codec_setup;
+ highlevel_encode_setup *hi=&ci->hi;
+ double tnominal=nominal_bitrate;
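Review bot: in both hunks of lib/vorbisenc.c the new `if(rate <= 0) return OV_EINVAL;` is inserted before the `codec_setup_info *ci=vi->codec_setup;` declaration, putting a statement ahead of the declarations in the function body; builds in C89 mode or with -Wdeclaration-after-statement will warn or fail on this, so consider placing the check right after `highlevel_encode_setup *hi=&ci->hi;` instead. Separately, the patch description says `_vp_psy_init` "and probably other functions" are not prepared for a zero rate, yet the guard covers only these two setup entry points and validates only `rate`; the `long channels` parameter visible next to `long rate` in the vorbis_encode_setup_vbr hunk goes unchecked, so a matching `if(channels <= 0) return OV_EINVAL;` (or a sentence in the description explaining why it is out of scope) would make the sanity check complete.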
diff -Nru libvorbis-1.3.4/debian/patches/series libvorbis-1.3.4/debian/patches/series
--- libvorbis-1.3.4/debian/patches/series 2014-10-24 20:15:54.000000000 +0200
+++ libvorbis-1.3.4/debian/patches/series 2014-11-04 12:09:32.000000000 +0100
@@ -1,3 +1,4 @@
0001-Fix-build-failure-with-DSO-link-changes.patch
0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch
0003-Fix-hang-when-loading-Ogg-Theora-files-in-audacity.patch
+0004-Add-sampling-rate-sanity-check-to-avoid-invalid-memo.patch
--- End Message ---
--- Begin Message ---
On Thu, 2014-11-13 at 22:54 +0100, Martin Steghöfer wrote:
> Please unblock package libvorbis. The version 1.3.4-2, currently in
> unstable, fixes bug #716613, which is about an access to invalid memory
> by the encoding library of libvorbis. The bug has the potential to crash
> applications that use libvorbis with a segfault, if the application
> doesn't have additional sanity checks in place that go beyond checking
> libvorbis' return values.
Unblocked.
Regards,
Adam
--- End Message ---