| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253 |
- From: =?utf-8?q?Martin_Stegh=C3=B6fer?= <martin@steghoefer.eu>
- Date: Fri, 12 Dec 2014 18:21:08 +0100
- Subject: Fix oggdec crash/hang: Don't ignore stream errors
- oggdec treats all negative return values coming from ov_read
- as OV_HOLE errors and therefore as recoverable. So even in the
- case of fatal errors it keeps on calling ov_read, which may
- either crash (libvorbis' data structures may be uninitialized)
- or simply not progress and therefore trap oggdec in an
- infinite loop.
- Fix this by distinguishing between recoverable and
- non-recoverable errors. In the case of fatal errors, exit
- gracefully with an error message. The error string is
- "borrowed" from ogg123 and therefore already translated into
- several languages.
- Bug-Debian: https://bugs.debian.org/772978
- Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/vorbis-tools/+bug/629135
- Forwarded: https://trac.xiph.org/ticket/2148
- ---
- oggdec/oggdec.c | 15 +++++++++++----
- 1 file changed, 11 insertions(+), 4 deletions(-)
- diff --git a/oggdec/oggdec.c b/oggdec/oggdec.c
- index a99f95d..16f87ac 100644
- --- a/oggdec/oggdec.c
- +++ b/oggdec/oggdec.c
- @@ -310,12 +310,19 @@ static int decode_file(FILE *in, FILE *out, char *infile, char *outfile)
- }
- }
-
- - if(ret < 0 ) {
- - if( !quiet ) {
- - fprintf(stderr, _("WARNING: hole in data (%d)\n"), ret);
- - }
- + if(ret == OV_HOLE) {
- + if(!quiet) {
- + fprintf(stderr, _("WARNING: hole in data (%d)\n"), ret);
- + }
- continue;
- }
- + else if(ret < 0) {
- + if(!quiet) {
- + fprintf(stderr, _("=== Vorbis library reported a stream error.\n"));
- + }
- + ov_clear(&vf);
- + return 1;
- + }
-
- if(channels > 2 && !raw) {
- /* Then permute! */
|
