Closed Bug 506878 Opened 15 years ago Closed 15 years ago

oggz_read_sync and oggz_read_update_gp don't check for errors from oggz_stream_get_content

Categories

(Core :: Audio/Video, defect)

Product:
Core
Component:
Audio/Video
Type:
defect
Priority:
Not set
Severity:
blocker

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: cajbir)

References

(Blocks 1 open bug,
URL
)

Details

(Keywords: coverity, Whiteboard: [sg:moderate]) 

55   	oggz_stream_get_content (OGGZ * oggz, long serialno)
62   	  if (stream == NULL) return OGGZ_ERR_BAD_SERIALNO;

i'm aware that the code thinks its serial number is ok, but the function returns two error codes at this point and could potentially return more.

it'd be appreciated if callers always checked for error values.

318  	oggz_read_sync (OGGZ * oggz)
397  	          content = oggz_stream_get_content(oggz, serialno);

414  	            reader->current_granulepos = 
415  	              oggz_auto_calculate_granulepos (content, granulepos, stream, op);
Group: core-security
URL: http://mxr.mozilla.org/mozilla-centra...http://mxr.mozilla.org/mozilla-centra...
Summary: oggz_read_sync doesn't check for errors from oggz_stream_get_content → oggz_read_sync and oggz_read_update_gp don't check for errors from oggz_stream_get_content
Fixed in upstream commit 822b0af67199d97298261d615cf6a3a50a3b8426
Status: UNCONFIRMED → NEW
Ever confirmed: true
Whiteboard: [sg:moderate]
Fixed by liboggz update.
Status: NEW → RESOLVED
Closed: 15 years ago
Depends on: CVE-2009-3377
Resolution: --- → FIXED
Group: core-security
You need to log in before you can comment on or make changes to this bug.