]> git.tue.mpg.de Git - paraslash.git/commit
projects / paraslash.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9005b5a) | patch
Fix an invalid-free-bug in the ogg audio format handler code.
authorAndre Noll <maan@systemlinux.org>
Mon, 9 Aug 2010 22:15:04 +0000 (00:15 +0200)
committerAndre Noll <maan@systemlinux.org>
Mon, 9 Aug 2010 22:15:04 +0000 (00:15 +0200)
commit3f8c505afd85714f6f8c12d8a94ae642fbfb6de4
treefdd0f32f3073efb7284db648433ebfe51782061ctree | snapshot
parent9005b5a064873fc1ec2af9fb76c61aa7cd60db9bcommit | diff
Fix an invalid-free-bug in the ogg audio format handler code.

In process_ogg_packets(), if ogg_sync_pageout() fails, we jmp to
the out label where "stream" is being freed by ogg_stream_clear()
without being initialized.

This causes para_afh and para_server to segfault in libogg:

*** glibc detected *** para_afh: munmap_chunk(): invalid pointer: 0x6f890d42 ***
======= Backtrace: =========
/usr/lib/glibc/lib/libc.so.6(+0x66e5a)[0x6f712e5a]
/usr/lib/glibc/lib/libc.so.6(+0x68021)[0x6f714021]
/usr/local/lib/libogg.so.0(ogg_stream_clear+0x2f)[0x6f891adf]
para_afh[0x804cb52]
para_afh[0x804cbeb]
para_afh[0x804ce59]
para_afh[0x804be71]
para_afh[0x804a97c]
/usr/lib/glibc/lib/libc.so.6(__libc_start_main+0xd9)[0x6f6c2c79]
para_afh[0x8049991]

Fix this bug by returning the error code directly rather than jumping
to "out".
NEWS diff | blob | history
ogg_afh_common.c diff | blob | history
paraslash - network audio streaming tools