Update in-tree libogg to 1.3.0

RESOLVED FIXED in mozilla10

Status: Core, Audio/Video, RESOLVED FIXED, 6 years ago
People: Reporter: imelven, Assigned: rillian
Tracking: Trunk, mozilla10, x86, Windows Vista
Firefox Tracking Flags: (Not tracked)
Attachments: (1 attachment)

Description (Reporter), 6 years ago
Latest libogg is: Version 1.3.0 (2011 August 4)

The release notes at http://svn.xiph.org/trunk/ogg/CHANGES say:

Version 1.2.1 (2010 November 01)

* Various build updates (see SVN)
* Add ogg_stream_pageout_fill() to API to allow applications
  greater explicit flexibility in page sizing.
* Documentation updates including multiplexing description,
  terminology and API (incl. ogg_packet_clear(),
  ogg_stream_pageout_fill())
=> * Correct possible buffer overwrite in stream encoding on 32 bit
  when a single packet exceed 250MB.
=> * Correct read-buffer overrun [without side effects] under
  similar circumstances.
* Update unit testing to work properly with new page spill
  heuristic.

And http://mxr.mozilla.org/mozilla-central/source/media/libogg/src/ says:

ogg_bitwise.c 22k Jun 15 2010
ogg_framing.c 66k Jun 15 2010

So it appears we should at least investigate to see if we have this issue.

We picked those fixes up in bug 559344 when the in-tree libogg was updated to SVN r17287.

We should still update to 1.3.0, since it makes working out the answer to questions like this much easier.  I'll take the security flag off of this bug.
Group: core-security
Summary: libogg is out of date and may contain possible memory read/write overruns → Update in-tree libogg to 1.3.0

Updated (Assignee), 6 years ago
Assignee: nobody → giles

Comment 2 (Assignee), 6 years ago
Created attachment 562573: proposed patch

Brian, please check this patch on Solaris. I've changed the way the fixed width types are obtained there.
Attachment #562573 - Flags: review?(eagle.lu)

Comment 3 (Assignee), 6 years ago
Review ping. I'll request checkin at the end of the week if we can't get verification on Solaris.

Comment 4 (Assignee), 6 years ago
Comment on attachment 562573: proposed patch

Timing out on Solaris review. Matthew, please review for check-in.
Attachment #562573 - Flags: review?(eagle.lu) → review?(kinetik)
Attachment #562573 - Flags: review?(kinetik) → review+
https://hg.mozilla.org/integration/mozilla-inbound/rev/df9d305be412
Target Milestone: --- → mozilla10
https://hg.mozilla.org/mozilla-central/rev/df9d305be412
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED

Comment 7 (Assignee), 6 years ago
Thanks, Matthew.
Depends on: 695240