1. 11 Dec, 2017 2 commits
      CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb if not initialized · c1c2831f
      Guido Günther authored
      If the number of channels is not within the allowed range
      we call oggback_writeclear although it's not initialized yet.
      
      This fixes
      
          ==23371== Invalid free() / delete / delete[] / realloc()
          ==23371==    at 0x4C2CE1B: free (vg_replace_malloc.c:530)
          ==23371==    by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
          ==23371==    by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
          ==23371==    by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
          ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
          ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
          ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
          ==23371==    by 0x10D82A: process (sox.c:1753)
          ==23371==    by 0x10D82A: main (sox.c:3012)
          ==23371==  Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd
          ==23371==    at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
          ==23371==    by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
          ==23371==    by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
          ==23371==    by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
          ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
          ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
          ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
          ==23371==    by 0x10D82A: process (sox.c:1753)
          ==23371==    by 0x10D82A: main (sox.c:3012)
      
      as seen when using the testcase from CVE-2017-11333 with
      008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
      there before.
      CVE-2017-14633: Don't allow for more than 256 channels · a79ec216
      Guido Günther authored
      Otherwise
      
       for(i=0;i<vi->channels;i++){
            /* the encoder setup assumes that all the modes used by any
               specific bitrate tweaking use the same floor */
            int submap=info->chmuxlist[i];
      
      overreads later in mapping0_forward since chmuxlist is a fixed array of
      256 elements max.
  2. 11 Nov, 2017 1 commit
  3. 10 Nov, 2017 1 commit
  4. 25 Sep, 2017 1 commit
      Add build flags for YouCompleteMe. · 8ef0f805
      Ralph Giles authored
      Add a .ycm_extra.conf.py script to return the same CFLAGS
      we pass for `make debug`. These are passed to libclang
      so symbol lookup works correctly.
      
      Note this doesn't pick up changes to the build config,
      including non-default locations for the ogg headers,
      but it's better than nothing.
  5. 25 Jul, 2017 1 commit
  6. 24 Jul, 2017 1 commit
  7. 23 Jul, 2017 1 commit
  8. 22 Jul, 2017 3 commits
  9. 16 Jun, 2017 2 commits
  10. 05 Oct, 2016 13 commits
  11. 04 Oct, 2016 1 commit
  12. 08 Sep, 2016 1 commit
      Initial appveyor config to test the Windows build. · 39efc81a
      Ralph Giles authored
      This makes the minimal changes necessary to build
      the dynamic solution Win32|Debug target with VS2015
      and against the static solution from the ogg master
      branch.
      
      The other targets can be added after updating the
      project files for VS2015.
  13. 22 Jul, 2016 1 commit
  14. 14 May, 2016 1 commit
  15. 28 Mar, 2016 8 commits
  16. 18 Jan, 2016 1 commit
  17. 13 Oct, 2015 1 commit
      Allocate comment temporaries on the heap. · c75b3b12
      Ralph Giles authored
      Use malloc/free instead of the more convenient alloca for
      comment data. Album art can easily be larger than the local
      stack limit and crash the process.
      
      Thanks to Robert Kausch for the suggestion.