latest libogg is : Version 1.3.0 (2011 August 4) the release notes at http://svn.xiph.org/trunk/ogg/CHANGES say : Version 1.2.1 (2010 November 01) * Various build updates (see SVN) * Add ogg_stream_pageout_fill() to API to allow applications greater explicit flexibility in page sizing. * Documentation updates including multiplexing description, terminology and API (incl. ogg_packet_clear(), ogg_stream_pageout_fill()) => * Correct possible buffer overwrite in stream encoding on 32 bit when a single packet exceed 250MB. => * Correct read-buffer overrun [without side effects] under similar circumstances. * Update unit testing to work properly with new page spill heuristic. and http://mxr.mozilla.org/mozilla-central/source/media/libogg/src/ says : ogg_bitwise.c 22k Jun 15 2010 ogg_framing.c 66k Jun 15 2010 so it appears we should at least investigate to see if we have this issue.
We picked those fixes up in bug 559344 when the in-tree libogg was updated to SVN r17287. We should still update to 1.3.0, since it makes working out the answer to questions like this much easier. I'll take the security flag off of this bug.
Summary: libogg is out of date and may contain possible memory read/write overruns → Update in-tree libogg to 1.3.0
Created attachment 562573 [details] [diff] [review] proposed patch Brian, please check this patch on Solaris. I've changed the way the fixed width types are obtained there.
Attachment #562573 - Flags: review?(eagle.lu)
Review ping. I'll request checkin at the end of the week if we can't get verification on Solaris.
Comment on attachment 562573 [details] [diff] [review] proposed patch Timing out on Solaris review. Matthew, please review for check-in.
Attachment #562573 - Flags: review?(eagle.lu) → review?(kinetik)
Attachment #562573 - Flags: review?(kinetik) → review+
Target Milestone: --- → mozilla10
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → FIXED
a year ago
You need to log in before you can comment on or make changes to this bug.