latest libogg is : Version 1.3.0 (2011 August 4)
the release notes at http://svn.xiph.org/trunk/ogg/CHANGES say :
Version 1.2.1 (2010 November 01)
* Various build updates (see SVN)
* Add ogg_stream_pageout_fill() to API to allow applications
greater explicit flexibility in page sizing.
* Documentation updates including multiplexing description,
terminology and API (incl. ogg_packet_clear(),
=> * Correct possible buffer overwrite in stream encoding on 32 bit
when a single packet exceed 250MB.
=> * Correct read-buffer overrun [without side effects] under
* Update unit testing to work properly with new page spill
and http://mxr.mozilla.org/mozilla-central/source/media/libogg/src/ says :
ogg_bitwise.c 22k Jun 15 2010
ogg_framing.c 66k Jun 15 2010
so it appears we should at least investigate to see if we have this issue.
We picked those fixes up in bug 559344 when the in-tree libogg was updated to SVN r17287.
We should still update to 1.3.0, since it makes working out the answer to questions like this much easier. I'll take the security flag off of this bug.
Created attachment 562573 [details] [diff] [review]
Brian, please check this patch on Solaris. I've changed the way the fixed width types are obtained there.
Review ping. I'll request checkin at the end of the week if we can't get verification on Solaris.
Comment on attachment 562573 [details] [diff] [review]
Timing out on Solaris review. Matthew, please review for check-in.