[xiph-commits] r17561 - in trunk/vorbis: examples lib
xiphmont at svn.xiph.org
xiphmont at svn.xiph.org
Sat Oct 23 03:34:24 PDT 2010
Author: xiphmont
Date: 2010-10-23 03:34:24 -0700 (Sat, 23 Oct 2010)
New Revision: 17561
Modified:
trunk/vorbis/examples/seeking_example.c
trunk/vorbis/lib/block.c
Log:
Commit tterribe's port of Tremor r17541:
Harden the code that trims the last packet of a stream; it was
possible to game the granpos such that the trim code would try to
rewind more samples than were actually available in storage.
Also, fix/eliminate two printf warnings in seeking_example extension.
Modified: trunk/vorbis/examples/seeking_example.c
===================================================================
--- trunk/vorbis/examples/seeking_example.c 2010-10-23 10:29:11 UTC (rev 17560)
+++ trunk/vorbis/examples/seeking_example.c 2010-10-23 10:34:24 UTC (rev 17561)
@@ -61,13 +61,13 @@
bread=ov_read(ov,buffer,4096,1,1,1,&dummy);
for(j=0;j<bread;j++){
if(buffer[j]!=bigassbuffer[j+((pos>>hs)*2)]){
- fprintf(stderr,"data after seek doesn't match declared pcm position %lld\n",pos);
+ fprintf(stderr,"data after seek doesn't match declared pcm position %ld\n",(long)pos);
for(i=0;i<(pcmlength>>hs)*2-bread;i++){
for(j=0;j<bread;j++)
if(buffer[j] != bigassbuffer[i+j])break;
if(j==bread){
- fprintf(stderr,"data after seek appears to match position %lld\n",(i/2)<<hs);
+ fprintf(stderr,"data after seek appears to match position %ld\n",(long)((i/2)<<hs));
}
}
{
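Review bot: Casting to `long` in both changed `fprintf` calls narrows the reported position on platforms where `long` is 32 bits, so for a long stream the diagnostic can print a wrong offset. The old `%lld` format suggests `pos` is a 64-bit value, though its declaration is outside the hunk. Keeping `%lld` and casting to `long long` silences the same format warning without narrowing: `fprintf(stderr,"data after seek doesn't match declared pcm position %lld\n",(long long)pos);`, and likewise `(long long)((i/2)<<hs)` in the second message. The enclosing loop starts and ends outside the hunk.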
Modified: trunk/vorbis/lib/block.c
===================================================================
--- trunk/vorbis/lib/block.c 2010-10-23 10:29:11 UTC (rev 17560)
+++ trunk/vorbis/lib/block.c 2010-10-23 10:34:24 UTC (rev 17561)
@@ -860,6 +860,15 @@
if(b->sample_count>v->granulepos){
/* corner case; if this is both the first and last audio page,
then spec says the end is cut, not beginning */
+ long extra=b->sample_count-vb->granulepos;
+
+ /* we use ogg_int64_t for granule positions because a
+ uint64 isn't universally available. Unfortunately,
+ that means granposes can be 'negative' and result in
+ extra being negative */
+ if(extra<0)
+ extra=0;
+
if(vb->eofflag){
/* trim the end */
/* no preceding granulepos; assume we started at zero (we'd
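Review bot: `extra` is declared `long` but holds a difference of granule positions, which the added comment says are `ogg_int64_t`, so where `long` is 32 bits the value is truncated before the `extra<0` check and a crafted granulepos can leave it anywhere in the `long` range. The clamps in the next hunk still bound the result, but the trim amount is then arbitrary rather than the real shortfall; computing it as `ogg_int64_t extra=b->sample_count-vb->granulepos;` and narrowing only after clamping would avoid that. The subtraction also reads `vb->granulepos` while the guard above and the removed lines use `v->granulepos`; presumably the two are equal here because of an assignment outside the hunk, and a one-line comment saying so would help. The `extra` used in the last hunk is declared outside the diff and may deserve the same check.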
@@ -867,10 +876,16 @@
/* granulepos could be -1 due to a seek, but that would result
in a long count, not short count */
- v->pcm_current-=(b->sample_count-v->granulepos)>>hs;
+ /* Guard against corrupt/malicious frames that set EOP and
+ a backdated granpos; don't rewind more samples than we
+ actually have */
+ if(extra > (v->pcm_current - v->pcm_returned)<<hs)
+ extra = (v->pcm_current - v->pcm_returned)<<hs;
+
+ v->pcm_current-=extra>>hs;
}else{
/* trim the beginning */
- v->pcm_returned+=(b->sample_count-v->granulepos)>>hs;
+ v->pcm_returned+=extra>>hs;
if(v->pcm_returned>v->pcm_current)
v->pcm_returned=v->pcm_current;
}
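Review bot: The upper clamp `if(extra > (v->pcm_current - v->pcm_returned)<<hs)` runs after the `extra<0` check from the previous hunk, so if `v->pcm_current - v->pcm_returned` were ever negative, `extra` would become negative again and `v->pcm_current-=extra>>hs` would advance instead of rewind. The last hunk applies the two checks in the opposite order, which does cover that case. Presumably `pcm_returned<=pcm_current` holds on entry (not visible here); if that is the intended invariant, using one order in both places, or a small static helper for the clamp, would keep the two paths consistent. Left-shifting a negative difference is also undefined in C, so testing the difference before the shift would be safer.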
@@ -888,6 +903,20 @@
if(extra)
if(vb->eofflag){
/* partial last frame. Strip the extra samples off */
+
+ /* Guard against corrupt/malicious frames that set EOP and
+ a backdated granpos; don't rewind more samples than we
+ actually have */
+ if(extra > (v->pcm_current - v->pcm_returned)<<hs)
+ extra = (v->pcm_current - v->pcm_returned)<<hs;
+
+ /* we use ogg_int64_t for granule positions because a
+ uint64 isn't universally available. Unfortunately,
+ that means granposes can be 'negative' and result in
+ extra being negative */
+ if(extra<0)
+ extra=0;
+
v->pcm_current-=extra>>hs;
} /* else {Shouldn't happen *unless* the bitstream is out of
spec. Either way, believe the bitstream } */