550184 - vorbis_analysis_headerout calls oggpack_writeclear with uninitialized ogb if !v->backend_state

Status: RESOLVED FIXED

(Core :: Audio/Video, defect)

Description

[timeless]

567  	int vorbis_analysis_headerout(vorbis_dsp_state *v,
568  	                              vorbis_comment *vc,
569  	                              ogg_packet *op,
570  	                              ogg_packet *op_comm,
571  	                              ogg_packet *op_code){

574  	  oggpack_buffer opb;
575  	  private_state *b=v->backend_state;

577  	  if(!b){
578  	    ret=OV_EFAULT;
579  	    goto err_out;

630  	 err_out:
631  	  oggpack_writeclear(&opb);

Comment 1

[cajbir (:cajbir)]

Raised as trac ticket #1656 in the Xiph bug system:

https://trac.xiph.org/ticket/1656

Comment 2

[cajbir (:cajbir)]

Patch suggested by Tim Terryberry:

http://pastebin.com/SzAsqYaM

Comment 3

[cajbir (:cajbir)]

Attachment: Fix

Patch attached based on Tim's patch (Apologies for spelling Tim's last name wrong in the previous comment).

Comment 4

[Robert O'Callahan (:roc) (email my personal email if necessary)]

http://hg.mozilla.org/mozilla-central/rev/d63280421a8d

We should get this on branch eh?

Comment 5

[Mike Beltzner [:beltzner, not reading bugmail]]

Comment on attachment 430413 [details] [diff] [review]
Fix

a=beltzner for 1.9.2.2 and 1.9.1.9

Comment 6

[timeless]

http://hg.mozilla.org/releases/mozilla-1.9.2/rev/c57eeb94d898
http://hg.mozilla.org/releases/mozilla-1.9.1/rev/fa02f59ba2f9

Comment 7

[Robert O'Callahan (:roc) (email my personal email if necessary)]

Thanks timeless!

Comment 8

[Aakash Desai [:aakashd]]

Is there a way to test this?

Comment 9

[cajbir (:cajbir)]

Not that I'm aware of.