Changeset 3773

Show
Ignore:
Timestamp:
2008-11-07 20:08:04 (2 months ago)
Author:
conrad
Message:

oggz_read: return an error when a hole (ie. missing sequence number) is detected
in the headers of a track, as such header corruption cannot be tolerated by decoders.
Beyond the headers, skip holes in data as before for robustness.

This should fix Mozilla bug 463756: https://bugzilla.mozilla.org/show_bug.cgi?id=463756
which crashed in vorbis_synthesize() after attempting to decode with corrupt headers.
The method of this fix is adapted from libvorbisfile, but here should work for any
content type. Tested with the file attached to the above bug, with fishsound-info
and oggplay-info, both of which previously crashed.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • liboggz/trunk/include/oggz/oggz_constants.h

    r3772 r3773  
    171171  OGGZ_ERR_IO_AGAIN                     = -16, 
    172172 
     173  /** Hole (sequence number gap) detected in input data */ 
     174  OGGZ_ERR_HOLE_IN_DATA                 = -17, 
     175 
    173176  /** The requested serialno does not exist in this OGGZ */ 
    174177  OGGZ_ERR_BAD_SERIALNO                 = -20, 

  • liboggz/trunk/src/liboggz/oggz_read.c

    r3718 r3773  
    375375        result = ogg_stream_packetout(os, op); 
    376376 
     377        /* 
     378         * libogg flags "holes in the data" (which are really inconsistencies 
     379         * in the page sequence number) by returning -1. 
     380         */ 
    377381        if(result == -1) { 
    378382#ifdef DEBUG 
    379383          printf ("oggz_read_sync: hole in the data\n"); 
    380384#endif 
     385          /* We can't tolerate holes in headers, so bail out. */ 
     386          if (stream->packetno < 3) return OGGZ_ERR_HOLE_IN_DATA; 
     387 
     388          /* Holes in content occur in some files and pretty much don't matter, 
     389           * so we silently swallow the notification and reget the packet. 
     390           */ 
    381391          result = ogg_stream_packetout(os, op); 
    382392          if (result == -1) { 
     393            /* If the result is *still* -1 then something strange is 
     394             * happening. 
     395             */ 
    383396#ifdef DEBUG 
    384             /* 
    385              * libogg flags "holes in the data" (which are really  
    386              * inconsistencies in the page sequence number) by returning 
    387              * -1.  This occurs in some files and pretty much doesn't matter, 
    388              *  so we silently swallow the notification and reget the packet. 
    389              *  If the result is *still* -1 then something strange is happening. 
    390              */ 
    391             printf ("shouldn't get here"); 
    392 #endif 
    393             return -7; 
     397            printf ("Multiple holes in data!"); 
     398#endif 
     399            return OGGZ_ERR_HOLE_IN_DATA; 
    394400          } 
    395401        }