1. 16 Jun, 2017 2 commits
  2. 04 Oct, 2016 1 commit
  3. 13 Oct, 2015 1 commit
    • Ralph Giles's avatar
      Allocate comment temporaries on the heap. · c75b3b12
      Ralph Giles authored
      Use malloc/free instead of the more convenient alloca for
      comment data. Album art can easily be larger than the local
      stack limit and crash the process.
      Thanks to Robert Kausch for the suggestion.
  4. 18 Jun, 2015 1 commit
  5. 21 May, 2015 1 commit
    • Ralph Giles's avatar
      Fix automake warning. · 375ba1c4
      Ralph Giles authored
      Newer versions prefer AM_CPPFLAGS to INCLUDES.
      Tell libtool about our m4 directory.
  6. 03 Mar, 2015 1 commit
  7. 02 Mar, 2015 3 commits
  8. 27 Feb, 2015 1 commit
  9. 26 Feb, 2015 1 commit
    • Monty's avatar
      Trac 2139 indirectly brought to light the case of a stream that uses a · 65417f3a
      Monty authored
      single-entry codebook, but does not code a codeword of length 1 equal
      to zero.  Such a stream could cause a stream to read garbage.
      There is no apparent chance of garbage memory writes as this happen
      entirely after decode setup, however there is playback DoS potential.
      This commit special cases single-entry codebook setup so that decode
      is well-defined for streams with single-entry codebooks, and adds some
      comments to make it more clear how the case is handled.
      svn path=/trunk/vorbis/; revision=19444
  10. 21 Jan, 2015 2 commits
  11. 12 Jan, 2015 2 commits
  12. 07 Jan, 2015 1 commit
    • Timothy B. Terriberry's avatar
      Reject multiple headers of the same type. · c761e218
      Timothy B. Terriberry authored
      A common application pattern is to call vorbis_synthesis_headerin()
       and count how many times it succeeds.
      If you feed it multiple valid comment headers, they will all
       succeed, meaning you can be fooled into think you have a valid
       Vorbis file despite never seeing a setup header.
      This patch makes libvorbis reject multiple headers of the same type,
       preventing this from occurring.
      svn path=/trunk/vorbis/; revision=19426
  13. 05 Jan, 2015 3 commits
  14. 04 Jan, 2015 1 commit
    • Timothy B. Terriberry's avatar
      Fix crash on corrupt input file (invalid mode index) · bd9e4426
      Timothy B. Terriberry authored
      vorbis_packet_blocksize() crashes with a NULL pointer dereference,
      if the "mode" index read from the packet is too large. Check this
      immediately after reading the value and before accessing the mode
      parameters. This crash potentially affects all users of libvorbisfile
      and anyone else who calls vorbis_packet_blocksize() manually.
      Patch by Martin Steghöfer <martin@steghoefer.eu>
      Fixes #2140
      Bug-Debian: https://bugs.debian.org/774516
      svn path=/trunk/vorbis/; revision=19419
  15. 24 Jun, 2014 1 commit
    • Monty's avatar
      Correct two more corner case problems with #1486: · 1a96516c
      Monty authored
      1) single-page streams will have no bisection; handle the special case explicitly
      2) if the bisection fails without ever successfully grabbing a page, the first-page-special-case check is unprotected and will look at uninitialized memory.
      svn path=/trunk/vorbis/; revision=19171
  16. 18 Jun, 2014 3 commits
    • Monty's avatar
      Update vorbisfile source copyright · e2af029c
      Monty authored
      svn path=/trunk/vorbis/; revision=19166
    • Monty's avatar
      Additional fix to last-page handling, this time in initial bisection; · fba64f65
      Monty authored
      the code had gotten too cavalier about directly munging the vf->offset
      file pointer as well as using it as an implicit argument to
      _get_prev_page and _get_prev_page_serial.  The fact it was being used
      as an argument and a side effect caused a necessary seek to get missed
      when the last page of a link was non-vorbis.
      Fix: Clean up the overloading, and be explicit about where we're
      beginning prev_page reads.
      svn path=/trunk/vorbis/; revision=19165
    • Monty's avatar
      Correct two errors in patch for Trac #1486: · 6537cf8f
      Monty authored
      1) vf->offset should not have been overridden in new front-of-stream case
      2) missing status output in seeking_example.c
      svn path=/trunk/vorbis/; revision=19164
  17. 11 Jun, 2014 1 commit
    • Monty's avatar
      Attempted fix to Trac #1486 · 4b2cb0ae
      Monty authored
      beginning-of-stream seek targets were no longer well defined in
      ov_pcm_seek_page() (and thus ov_pcm_seek()) since extending to
      multiplexed streams.  Beginning of stream is a special case due to the
      seek target preceding the first explicit granule position.  
      Although seeking to PCM 0 triggered the bug, early seeks in general
      were not ebing handld well; rather than continuing to overload the
      bisection, handle the early-seek case outside the loop.
      svn path=/trunk/vorbis/; revision=19159
  18. 22 Jan, 2014 2 commits
  19. 03 Dec, 2013 1 commit
  20. 02 Dec, 2013 1 commit
  21. 12 Nov, 2013 1 commit
  22. 13 Jul, 2013 1 commit
  23. 03 Feb, 2012 3 commits
    • Monty's avatar
      commit version bump for 1.3.3 release · e34b315b
      Monty authored
      svn path=/trunk/vorbis/; revision=18186
    • Monty's avatar
      Minor build correction to r18183 · 1769a310
      Monty authored
      svn path=/trunk/vorbis/; revision=18184
    • Monty's avatar
      Port r17546 from Tremor; although pieces had made it over to libvorbis, a comprehensive · 4936fd27
      Monty authored
      port and verification was called for.  This patch provided some additional floor0 
        floor0 code could potentially use a book where the number of vals it
        needed to decode was not an integer number of dims wide.  This caused
        it to overflow the output vector as the termination condition was in
        the outer loop of vorbis_book_decodev_set.
        None of the various vorbis_book_decodeXXXX calls internally guard
        against this case either, but in every other use the calling code does
        properly guard (and avoids putting more checks in the tight inner
        decode loop).
        For floor0, move the checks into the inner loop as there's little
        penalty for doing so.
      [an equivalent change was already in libvorbis, but I've 
      harmonized the code with tremor]
        For floor0, move the checks into the inner loop as there's little
        penalty for doing so.  Add commentary indicating where guarding is
        done for each call variant.
      svn path=/trunk/vorbis/; revision=18183
  24. 01 Feb, 2012 1 commit
  25. 20 Jan, 2012 1 commit
  26. 04 Nov, 2011 1 commit
  27. 02 Sep, 2011 2 commits