GitLab

It was reported to Ubuntu's (629135) and Debian's (772978) bug tracking systems that trying to decode a given (broken) ogg/vorbis input file, oggdec crashes or goes into an infinite loop (depending on the libvorbis version), while showing "hole in data" warnings.

I've looked into this and realized that libvorbis doesn't actually return the OV_HOLE "hole in data" error code (which would be recoverable), but a different (fatal) decoding error. However, oggdec treats all negative return values coming from ov_read as OV_HOLE errors and therefore as recoverable. So it keeps on calling ov_read, which may either crash (libvorbis' data structures may be uninitialized) or simply not progress and therefore capture oggdec in an infinite loop.

I suggest to fix it by applying the attached patch, which makes oggdec exit with an error message on fatal decoding errors. The error string is "borrowed" from ogg123 and therefore already translated into several languages.