468280 - Audit alloc failure in oggz annodex library

Status: RESOLVED FIXED

(Core :: Audio/Video, defect)

Description

[timeless]

note that this code isn't consistent about oggz_malloc v malloc, i don't care as i'm not specifically looking for it, 

http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_table.c?rev=79c023857355&mark=55-57,56,77-79,57,80#50
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_read.c?rev=79c023857355&mark=261-262,263-264,#257
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_comments.c?rev=79c023857355&mark=63-64,137-138,144-147,154-155,164-166,206-207,
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_auto.c?rev=79c023857355&mark=438-440,491-493,556-559,679-680,822-828,949-951,
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_vector.c?rev=79c023857355&mark=84-86,
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz.c?rev=79c023857355&mark=98,203,315,356,108,206-207,
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_io.c?rev=79c023857355&rev=186-187,196-198,221-223,246-248,271-273,296-298,
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_dlist.c?rev=79c023857355&mark=56,67,58,61,59,65,96-98,108-110,
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_write.c?rev=79c023857355&mark=310-311,316-318,


note that realloc is generally used incorrectly (and especially in any case i've highlighted...)

Comment 1

[Conrad Parker]

thanks, these should be fixed in upstream liboggz r3816, which checks for malloc failure and handles realloc failure.

Also r3817 makes sure to use oggz_malloc/oggz_free consistently.

Comment 2

[timeless]

i've pulled in latest xiph/annodex to konigsberg for further bits.

http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/liboggz/oggz_table.c?mark=54,77,55,80#54
http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/liboggz/oggz_read.c?mark=434-438,458-462#434
http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/liboggz/oggz_comments.c?mark=342-344,373-375,479-480,555-556,560-561,#342

this isn't something we'd build, but while you're fixing stuff:
http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/tools/oggz-dump.c?mark=115-116,385,403,118,586,119,311,548-550,#384
http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/tools/oggz-comment.c?mark=106,280,108-109,111-112,114-115,456,475,#106

this is mostly _new chasing.

Comment 3

[timeless]

I just noticed that comment 0 had a typo:
http://mxr-test.konigsberg.mozilla.org/mozilla-central/source/media/liboggz/src/liboggz/oggz_io.c?rev=79c023857355&mark=186-187,196-198,221-223,246-248,271-273,296-298

these will return errors for oom eventually:
http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/liboggz/oggz_read.c?mark=78#73
http://mxr-test.konigsberg.mozilla.org/annodex/source/liboggz/src/liboggz/oggz.c?mark=338,340#338

Comment 4

[Conrad Parker]

Thanks, the above should be fixed in upstream revs 3817-3821:

http://trac.annodex.net/changeset/3821
http://trac.annodex.net/changeset/3820
http://trac.annodex.net/changeset/3819
http://trac.annodex.net/changeset/3818
http://trac.annodex.net/changeset/3817

Comment 5

[cajbir (:cajbir)]

The fixes mentioned in comment 4 will be picked up in bug 477899 which updates liboggz.

Comment 6

[cajbir (:cajbir)]

Bug 477899 has landed on mozilla-central.

Comment 7

[cajbir (:cajbir)]

Bug 477899 has landed on mozilla-1.9.1, fixing this bug.