Commit message | Author | Age | Files | Lines
* Port r19426 from libvorbis. (HEAD, master) | Tim Terriberry | 2018-03-19 | 1 | -1/+12
  Reject multiple headers of the same type.
* Prevent out-of-bounds write in codebook decoding. | Thomas Daede | 2018-03-15 | 1 | -9/+9
  Codebooks that are not an exact divisor of the partition size are now truncated to fit within the partition.
* Port r19419 to Tremor. | Tim Terriberry | 2015-01-05 | 1 | -1/+1
  Fix crash on corrupt input file (invalid mode index)
  git-svn-id: https://svn.xiph.org/trunk/Tremor@19420 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Commit suggested fix for #2021 Backport additional #1486 -n -r 19164 set | Monty | 2014-06-24 | 4 | -5/+20
  keyword property on source files
  git-svn-id: https://svn.xiph.org/trunk/Tremor@19172 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Backport #1486 fixes from libvorbis to Tremor (trunk) | Monty | 2014-06-24 | 3 | -76/+146
  git-svn-id: https://svn.xiph.org/trunk/Tremor@19170 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Update pkgconfig files to reduce overlinking. | Tim Terriberry | 2014-06-24 | 1 | -2/+2
  Patch from Brad Smith. Reviewed by Ron Lee. Fixes #1943.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@18906 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Might as well commit version bump as well | Monty | 2012-01-20 | 1 | -2/+2
  git-svn-id: https://svn.xiph.org/trunk/Tremor@18153 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Tremor mainline fix commit for Moz BZ #719612 | Monty | 2012-01-20 | 1 | -0/+1
  git-svn-id: https://svn.xiph.org/trunk/Tremor@18152 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fix mis-matched types for serialno's. | Tim Terriberry | 2011-11-06 | 1 | -4/+4
  The use of long caused some functions which now use libogg's ogg_page_serialno() (which returns an int) to sign-extend the serialno, while the actual list was stored as ogg_uint32_t's. This would cause subsequent lookups to fail on platforms with a 64-bit long. Introduced in r17375 and r16259, but only partially corrected in r17536. Fixes #1838. Thanks to achurch for the report.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@18116 0101bb08-14d6-0310-b084-bc0e0c8e3800
* patch to fix a typo in the autoconf script for Tremor from brad0 | Monty | 2011-09-24 | 1 | -10/+1
  git-svn-id: https://svn.xiph.org/trunk/Tremor@18099 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Migrated main development to Visual Studio 2008 (which has a better | Cristian Adam | 2010-11-20 | 1 | -1/+7
  integration with Windows 7). Modified project files to have Windows CE debug builds compilable and runnable.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17636 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fix for Trac #1578; alter open1 so that serialnos[0] and | Monty | 2010-10-27 | 1 | -2/+1
  vf->current_serialno matches on return.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17572 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r17543 from Tremor. | Tim Terriberry | 2010-10-21 | 1 | -3/+2
  A codebook that allows values outside the circular range of the piecewise floor1 representation can overflow the lookup
  Also fix a typo in the comments of the original patch.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17555 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Removed Windows CE Platform Builder as a dependency of building Windows | Cristian Adam | 2010-10-20 | 1 | -1/+7
  Mobile binaries.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17551 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Add additional check, disallow books with dim<1 in floor0 | Monty | 2010-10-18 | 1 | -0/+1
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17547 0101bb08-14d6-0310-b084-bc0e0c8e3800
* floor0 code could potentially use a book where the number of vals it | Monty | 2010-10-18 | 2 | -8/+11
  needed to decode was not an integer number of dims wide. This caused it to overflow the output vector as the termination condition was in the outer loop of vorbis_book_decodev_set. None of the various vorbis_book_decodeXXXX calls internally guard against this case either, but in every other use the calling code does properly guard (and avoids putting more checks in the tight inner decode loop). For floor0, move the checks into the inner loop as there's little penalty for doing so. Add commentary indicating where guarding is done for each call variant.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17546 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Check that floor0 books all have a value mapping. Fixes | Monty | 2010-10-18 | 1 | -0/+1
  zzuf.00005.361003813.chop.lsp-test4.ogg etc.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17545 0101bb08-14d6-0310-b084-bc0e0c8e3800
* A guard conditional used > instead of >=. Fix for | Monty | 2010-10-18 | 1 | -1/+1
  zzuf.00005.355571120.chop.rc2-test2.ogg
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17544 0101bb08-14d6-0310-b084-bc0e0c8e3800
* If fuzzing swaps in a codebook that allows values outside the circular | Monty | 2010-10-18 | 1 | -3/+9
  range of the piecewise representation, it can overflow the lookup. Proper fix here is just a simple clamp.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17543 0101bb08-14d6-0310-b084-bc0e0c8e3800
* The previous round of loosening the phrasebook checking to allow | Monty | 2010-10-18 | 1 | -0/+1
  playback of some older (pre-1.0) files removed an [implicit] check against phrasebook dim being set to zero. Reinstate as an explicit check.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17542 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Harden the code that trims the last packet of a stream; it was | Monty | 2010-10-18 | 1 | -4/+34
  possible to game the granpos such that the trim code would try to rewind more samples than were actually available in storage.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17541 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fix compiler warning. | Tim Terriberry | 2010-10-16 | 1 | -1/+1
  codebook.c:87: warning: suggest parentheses around '-' inside '>>'
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17540 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Additional codebook validity checks. | Tim Terriberry | 2010-10-16 | 1 | -4/+16
  Bail out of codebook loading early if the packet doesn't have enough data for the size of the codebooks it asked for. This doesn't in and of itself provide any additional security, but it does make peak heap usage on many invalid files smaller.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17539 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fix decoder handling of floor0 when the LSP order is 1. | Tim Terriberry | 2010-10-15 | 2 | -14/+19
  Header setup allows the LSP order to be as low as one, but the code in vorbis_lsp_to_curve() assumed it was at least two. This wasn't terrible in libvorbis... it would multiply a nonsense (but defined) value into the output, and nothing more. In Tremor, it referenced several completely undefined (stack) values, which could cause out-of-bounds lookup table accesses and crashes.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17538 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fix _lookup_serial to compare with proper types. | Tim Terriberry | 2010-10-14 | 1 | -4/+4
  Storing a serial number in a long and comparing it to an ogg_uint32_t only works if you cast the long down, instead of letting C promote it.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17536 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Correct 'seconds' to 'milliseconds', a cosmetic error that's been there | Monty | 2010-10-14 | 1 | -2/+2
  since the iseeking_example was originally copied over from reference.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17535 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Commit provisional fix for 64 bit math overflow in libvorbisfile | Monty | 2010-10-14 | 1 | -2/+33
  seeking bisection computation
  This is the equivalent of the r15921 fix in reference, but doesn't require a double cast (for obvious reasons). The technique is different, the intent is the same (avoid a 64x64= >64 bit overflow)
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17534 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Patch iseeking example to continue if there's insufficient memory to | Monty | 2010-10-14 | 1 | -27/+33
  allocate a verification buffer for excessively large samples. Also correct sample/time calculation to not overflow 64 bit math, again for those excessively long samples
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17533 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fix iseeking_example #includes. | Tim Terriberry | 2010-10-14 | 1 | -2/+2
  Unless you're using the autotools build system, <vorbis/...> doesn't exist, and could pull out-of-date system headers anyway. ivorbisfile_example had the same problem, but that fix was accidentally included in r17526.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17532 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r17177 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -9/+10
  r16328 (committed in Tremor as r17526) broke chaining by causing vorbis_synthesis_init() to fail on a second call.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17531 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r17029 and r17050 from libvorbis. | Tim Terriberry | 2010-10-14 | 4 | -16/+10
  Fix leak when aborting out of static_codebook unpack. Closes #1663.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17530 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r17027 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -5/+13
  Apply patches from Trac #1638, additional application hardening.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17529 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r16597 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -0/+1
  Don't allow ordered codebooks with codeword lengths longer than 32 bits.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17528 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r16326 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -1/+1
  Eliminate possibility of booklist overflow in res0/1/2 unpacking.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17527 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r16328 and r16330 from libvorbis. | Tim Terriberry | 2010-10-14 | 2 | -10/+26
  ivorbisfile_example.c ignores an error code and plows ahead blindly if libvorbisidec reports the current bitstream section is bad (OV_EBADLINK). Retrying after the error crashes libvorbisidec due to the uninitialized state.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17526 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port the rest of r16222 from libvorbis. | Tim Terriberry | 2010-10-14 | 4 | -19/+25
  Commit additional hardening to setup packet decode.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17525 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r16218 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -4/+15
  Fix for https://bugzilla.mozilla.org/show_bug.cgi?id=501279
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17524 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port of r16182 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -4/+15
  Second half of fix to https://bugzilla.mozilla.org/show_bug.cgi?id=500254
  Sanity check the floor 1 post list to reject files with repeated values that would result in floor line segments with zero length.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17523 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port of r16181 from libvorbis. | Tim Terriberry | 2010-10-14 | 1 | -1/+3
  First half of fix for https://bugzilla.mozilla.org/show_bug.cgi?id=500254
  Residue code was not checking that its partition books were books with specified/populated value mappings.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17522 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Also add the header change needed for the fix in r17520. | Tim Terriberry | 2010-10-14 | 1 | -0/+1
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17521 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r15532 and r16552 from libvorbis. | Tim Terriberry | 2010-10-13 | 1 | -3/+7
  Fix for bug #1456-- the 'bulletproofing' from CVE-2008-1420 inadvertently rejects a harmless/legal (if suboptimal) codebook arrangement that was apparently used in 1.0b1. Modify fix for Trac #1572; some files from the earliest beta accidentally used an oversized phrasebook in res decode; allow these.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17520 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Port r14984 from libvorbis. | Tim Terriberry | 2010-10-13 | 1 | -4/+6
  Correct an accidental dereference-before-check in error cleanup in comments.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17519 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Forward port the rest of r5278. | Tim Terriberry | 2010-10-13 | 1 | -3/+5
  The vorbisfile part of this got merged in r16259, but the corresponding changes to vorbis_synthesis_init() to actually return a failure code did not.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17518 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fixes for r17514 (take two). | Tim Terriberry | 2010-10-13 | 1 | -3/+4
  Actually allocate the right number of comments, and add an extra check against i+1 overflowing (which could happen with a 4 GB comment packet on a 64-bit machine... unlikely, but possible).
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17517 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Back out r17515. | Tim Terriberry | 2010-10-13 | 6 | -19/+13
  This accidentally contained far more than I meant to commit.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17516 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Fixes for r17514. | Tim Terriberry | 2010-10-13 | 6 | -13/+19
  Actually allocate the right number of comments, and add an extra check against i+1 overflowing (which could happen with a 4 GB comment packet on a 64-bit machine... unlikely, but possible).
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17515 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Forward port r14502, r16217, and parts of r16222. | Tim Terriberry | 2010-10-13 | 1 | -7/+16
  Don't try to read past the end of the comment packet if the string lengths are corrupt. Correct a potential comment length sanity check overflow. Commit additional hardening to comment packet decode. Also add allocation checks, since these can still run us out of address space if someone actually sends a GB or two of comment data.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17514 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Forward port r14598 from libvorbis. | Tim Terriberry | 2010-10-13 | 1 | -0/+14
  Add code to prevent heap attacks by exploiting dim==bignum and partition_codewords==partion_values^dim.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17513 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Forward port r14602 from libvorbis. | Tim Terriberry | 2010-10-13 | 1 | -1/+1
  Correctly handle the nonsensical codebook.dim==0 case.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17512 0101bb08-14d6-0310-b084-bc0e0c8e3800
* Forward port r14064 from libvorbis. | Tim Terriberry | 2010-10-13 | 1 | -0/+2
  Add checks/rejection for absurdly huge codebooks.
  git-svn-id: https://svn.xiph.org/trunk/Tremor@17511 0101bb08-14d6-0310-b084-bc0e0c8e3800