Stop trying to read comments outside the ogg package available. (!11) · Merge requests · Xiph.Org / liboggz

Petter Reinholdtsen requested to merge issue-14-comments-decode-crash into master Feb 05, 2025

This fixes a crash on invalid input. Avoids the following valgrind issues with the provided test file.

==2211783== Conditional jump or move depends on uninitialised value(s)
==2211783==    at 0x4846DF3: __strncpy_sse2_unaligned (vg_replace_strmem.c:602)
==2211783==    by 0x4855BAE: oggz_strdup_len (oggz_comments.c:92)
==2211783==    by 0x4855BAE: oggz_comments_decode (oggz_comments.c:594)
==2211783==    by 0x485A81D: oggz_auto_read_comments (oggz_auto.c:1507)
==2211783==    by 0x4856E03: oggz_read_sync (oggz_read.c:456)
==2211783==    by 0x485734B: oggz_read (oggz_read.c:650)
==2211783==    by 0x10AD64: validate (oggz-validate.c:445)
==2211783==    by 0x10A431: main (oggz-validate.c:594)
==2211783==
==2211783== Invalid read of size 4
==2211783==    at 0x48559DA: oggz_comments_decode (oggz_comments.c:614)
==2211783==    by 0x485A81D: oggz_auto_read_comments (oggz_auto.c:1507)
==2211783==    by 0x4856E03: oggz_read_sync (oggz_read.c:456)
==2211783==    by 0x485734B: oggz_read (oggz_read.c:650)
==2211783==    by 0x10AD64: validate (oggz-validate.c:445)
==2211783==    by 0x10A431: main (oggz-validate.c:594)
==2211783==  Address 0x4ae75f5 is 244,869 bytes inside a block of size 274,481 free'd
==2211783==    at 0x484317B: free (vg_replace_malloc.c:872)
==2211783==    by 0x4855C1F: oggz_comments_decode (oggz_comments.c:602)
==2211783==    by 0x485A81D: oggz_auto_read_comments (oggz_auto.c:1507)
==2211783==    by 0x4856E03: oggz_read_sync (oggz_read.c:456)
==2211783==    by 0x485734B: oggz_read (oggz_read.c:650)
==2211783==    by 0x10AD64: validate (oggz-validate.c:445)
==2211783==    by 0x10A431: main (oggz-validate.c:594)
==2211783==  Block was alloc'd at
==2211783==    at 0x48407B4: malloc (vg_replace_malloc.c:381)
==2211783==    by 0x4855B94: oggz_strdup_len (oggz_comments.c:90)
==2211783==    by 0x4855B94: oggz_comments_decode (oggz_comments.c:594)
==2211783==    by 0x485A81D: oggz_auto_read_comments (oggz_auto.c:1507)
==2211783==    by 0x4856E03: oggz_read_sync (oggz_read.c:456)
==2211783==    by 0x485734B: oggz_read (oggz_read.c:650)
==2211783==    by 0x10AD64: validate (oggz-validate.c:445)
==2211783==    by 0x10A431: main (oggz-validate.c:594)

Fixes #14 (closed)

Edited Feb 05, 2025 by Petter Reinholdtsen

Stop trying to read comments outside the ogg package available.

Merge request reports