Initialize vorbis_dsp_state to avoid a crash triggered by a Vorbis file with corrupt headers Mozilla bug 481601.

Adapted from a patch that fixes the crash by adding a new vorbis_dsp_init()
function to libvorbis, and calling that from fs_vorbis_init():
https://bug481601.bugzilla.mozilla.org/attachment.cgi?id=366150

It was suggested in this thread on vorbis-dev that we isolate the patch
to libfishsound, rather than also adding vorbis_dsp_init() to libvorbis:
http://lists.xiph.org/pipermail/vorbis-dev/2009-March/019791.html

Hence, this revision should replace the patch currently in use in
Firefox for Mozilla bug 481601.

git-svn-id: http://svn.annodex.net/libfishsound/trunk@3901 8158c8cd-e7e1-0310-9fa4-c5954c97daef
1 parent 7051bfe commit e98a058c51e79eb7d97cdf31166fd8196cd0a383 conrad committed Mar 28, 2009
Showing with 2 additions and 0 deletions.
  1. +2 −0 src/libfishsound/vorbis.c
@@ -433,6 +433,8 @@ fs_vorbis_init (FishSound * fsound)
fsv->finished = 0;
vorbis_info_init (&fsv->vi);
vorbis_comment_init (&fsv->vc);
+ memset(&fsv->vd, 0, sizeof(fsv->vd));
+ vorbis_block_init (&fsv->vd, &fsv->vb);
fsv->pcm = NULL;
fsv->ipcm = NULL;
fsv->max_pcm = 0;
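
Review bot: the two added lines in fs_vorbis_init() have no comment explaining why fsv->vd is zeroed and fsv->vb is initialized against it at this point; the reason (a crash on a Vorbis file with corrupt headers, per the commit message) lives only in the log, so a later cleanup could drop them as redundant. A one-line comment above the memset stating that vd and vb must be in a defined state even if header parsing fails would cover it. The return value of vorbis_block_init() is also discarded in the added call; check it, or cast to void to show the omission is deliberate. Please also confirm that the code which sets up vd and vb once valid headers have been read copes with vb having already been initialized here.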
