platform/upstream/libvorbis.git
4 years ago Merge tag 'v1.3.7' into tizen 96/246496/1 accepted/tizen_6.5_base accepted/tizen_7.0_base accepted/tizen_7.0_base_hotfix accepted/tizen_unified tizen tizen_6.5_base tizen_7.0_base tizen_7.0_base_hotfix accepted/tizen/6.5/base/20211028.060335 accepted/tizen/7.0/base/20221116.025743 accepted/tizen/7.0/base/hotfix/20221116.055151 accepted/tizen/base/20210825.055357 accepted/tizen/base/20221115.103620 accepted/tizen/unified/20201105.124409 submit/tizen/20201104.014944 submit/tizen_6.5_base/20211028.134101 submit/tizen_base/20210825.043539 submit/tizen_base/20210825.044137 tizen_6.5.m2_release tizen_7.0_m2_release
Jeongmo Yang [Fri, 30 Oct 2020 02:51:59 +0000 (11:51 +0900)]
Merge tag 'v1.3.7' into tizen

libvorbis 1.3.7 (2020-07-04) -- "Xiph.Org libVorbis I 20200704 (Reducing Environment)"

* Fix CVE-2018-10393 - out-of-bounds read encoding very low sample rates.
* Fix CVE-2017-14160 - out-of-bounds read encoding very low sample rates.
* Fix handling invalid bytes per sample arguments.
* Fix handling invalid channel count arguments.
* Fix invalid free on seek failure.
* Fix negative shift reading blocksize.
* Fix accepting unreasonable float32 values.
* Fix tag comparison depending on locale.
* Fix unnecessarily linking libm.
* Fix memory leak in test_sharedbook.
* Update Visual Studio projects for ogg library filename change.
* Distribute CMake build files with the source package.
* Remove unnecessary configure --target switch.
* Add gitlab CI support.
* Add OSS-Fuzz support.
* Build system and integration updates.

Change-Id: Id3fe58a29509679f5b2ae2dfaa9da5dee8e7ff17
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
4 years ago Add vorbis dependencies when building examples. v1.3.7
Ralph Giles [Sat, 4 Jul 2020 02:38:28 +0000 (19:38 -0700)]
Add vorbis dependencies when building examples.

The decoder_example program calls floor() which requires
its own -lm on the link line to resolve the local reference.

It seems on most platforms this was shadowed by the transitive
dependency in the vorbis libraries, but it results in an
undefined reference error on e.g. debian 10 mipsel.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update version and copyright for the 1.3.7 release.
Ralph Giles [Thu, 2 Jul 2020 19:33:54 +0000 (12:33 -0700)]
Update version and copyright for the 1.3.7 release.

Bump soname version and vendor string for the new release.

Update the top-level copyright dates for the release.

There have only been bug fixes to the encoder, no tuning changes,
but we updated the codename last time, so doing so again this
time. It's better to be able to distinguish releases than not.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
Signed-off-by: Thomas Daede <daede003@umn.edu>
4 years ago Update CHANGES for the 1.3.7 release
Ralph Giles [Thu, 2 Jul 2020 19:33:04 +0000 (12:33 -0700)]
Update CHANGES for the 1.3.7 release

Summary of commits since the last release.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
Signed-off-by: Thomas Daede <daede003@umn.edu>
4 years ago Ignore example executables.
Ralph Giles [Thu, 2 Jul 2020 19:27:36 +0000 (12:27 -0700)]
Ignore example executables.

Stop these cluttering the `git status` output.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Rebuild specification.
Ralph Giles [Thu, 2 Jul 2020 21:44:37 +0000 (14:44 -0700)]
Rebuild specification.

The tools to build the Vorbis format specification are a heavy
dependency, so we keep a built copy of that documentation in
the repository for the convenience of casual developers.

Rebuild the documents to bump the date and footer link
for the 1.3.7 release.

The spec build is broken on current texlive releases, with symptoms
like a missing table of contents in the pdf and incorrect size
attributes on figure images in the html output. This version
was built in a debian:9 (stretch) container to recover more
of the expected behaviour.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Fix dependency loop in the specification.
Ralph Giles [Sat, 4 Jul 2020 00:02:26 +0000 (17:02 -0700)]
Fix dependency loop in the specification.

Building the html version of the Vorbis format specification
creates a series of image files containing figures and rendered
equations. Previously we were treating these as part of the
static documentation, since we keep a copy of the spec in
the repository.

However, since the static images were listed as dependencies
of the specification document (as the not-generated ones are)
rebuilding the spec necessarily rebuilt them as well, which
meant the spec would always be considered out of date and
rebuilt needlessly.

Instead, split the static image files from the set which
are generated as part of the specification build process,
and only mark dependence on the former.

This allows us to drop the inconsistent DISTCLEAN line which
was working around the problem of always needing to rebuild
the spec, even when it was included in the distribution.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update documentation cleanfiles.
Ralph Giles [Fri, 3 Jul 2020 04:13:56 +0000 (21:13 -0700)]
Update documentation cleanfiles.

Add a new intermediate file generated when building the spec.
It's necessary to remove all intermediates to pass `make distcheck`.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Fix EFF Open Audio License removal.
Ralph Giles [Fri, 3 Jul 2020 18:51:13 +0000 (11:51 -0700)]
Fix EFF Open Audio License removal.

The earlier commit changed the html, but not the original
TeX source document.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Fix a link typo in the spec colophon.
Ralph Giles [Fri, 3 Jul 2020 17:05:58 +0000 (10:05 -0700)]
Fix a link typo in the spec colophon.

This was introduced by the recent https link update patch.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Link to archive.org for the LSP implementation.
Ralph Giles [Fri, 3 Jul 2020 05:00:39 +0000 (22:00 -0700)]
Link to archive.org for the LSP implementation.

The page the LSP algorithm is based on is no longer online.
Link to an archived version instead.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update link to crc_v3.txt.
Ralph Giles [Fri, 3 Jul 2020 04:51:35 +0000 (21:51 -0700)]
Update link to crc_v3.txt.

Ross Williams' website is still up, but the section containing
the CRC introduction is no longer available. Instead link to
a copy on zlib.org which hopefully will remain available.

Also remove the mailto: link. Email is not one of the included
contact links on the author's site, so it seems rude to continue
to publish it here.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update the link to the multirate filter bank paper.
Ralph Giles [Fri, 3 Jul 2020 04:45:59 +0000 (21:45 -0700)]
Update the link to the multirate filter bank paper.

The old url is broken. This PDF link is just the first
search engine suggestion for the filename.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Remove reference to the EFF Open Audio license.
Ralph Giles [Fri, 3 Jul 2020 04:40:42 +0000 (21:40 -0700)]
Remove reference to the EFF Open Audio license.

The url no longer works, and according to Wikipedia, the EFF
now recommends Creative Commons licenses instead.

Also provide a specific Creative Commons license as an example.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update repository links to the gitlab instance.
Ralph Giles [Fri, 3 Jul 2020 04:33:00 +0000 (21:33 -0700)]
Update repository links to the gitlab instance.

Neither git.xiph.org nor the jenkins instances are still online.
Point people at the new gitlab instance and build status badge
instead.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update remaining website links to https.
Ralph Giles [Fri, 3 Jul 2020 04:32:08 +0000 (21:32 -0700)]
Update remaining website links to https.

These were missed in an earlier commit. Thanks to Mark Harris
for the review.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Fix documentation links to the vorbis website.
Ralph Giles [Fri, 3 Jul 2020 04:23:02 +0000 (21:23 -0700)]
Fix documentation links to the vorbis website.

The server is using .shtml index pages, so linking directly
to an index.html page does not work. Truncate the reference
at the directory path and rely on the server's default page
to select the correct contents.

Thanks to Mark Harris for pointing out the breakage.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Fix about link in the specification.
Ralph Giles [Fri, 3 Jul 2020 04:18:12 +0000 (21:18 -0700)]
Fix about link in the specification.

The old .html versions of these pages no longer redirect to
the new-style directory-based urls, so this link was
broken.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update download links in packaging files.
Ralph Giles [Thu, 2 Jul 2020 19:30:08 +0000 (12:30 -0700)]
Update download links in packaging files.

Use a secure link to the current mirror site.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update website links in the documentation.
Ralph Giles [Thu, 2 Jul 2020 19:15:48 +0000 (12:15 -0700)]
Update website links in the documentation.

- Prefer the shorter, secure url.
- Link to the current xiph.org/vorbis location for the vorbis
  project website.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Remove obsolete link to vorbis.com.
Ralph Giles [Thu, 2 Jul 2020 19:02:49 +0000 (12:02 -0700)]
Remove obsolete link to vorbis.com.

There remains a link from the Vorbis RTP format RFC, which is
an immutable published document. We'll have to maintain a
redirect for the sake of that link.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update CMake links.
Ralph Giles [Thu, 2 Jul 2020 18:59:24 +0000 (11:59 -0700)]
Update CMake links.

Use secure links to the default domain and current documentation.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update ISRC link.
Ralph Giles [Thu, 2 Jul 2020 18:58:20 +0000 (11:58 -0700)]
Update ISRC link.

The current link redirects to this secure link.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Update website link in copyright headers.
Ralph Giles [Thu, 2 Jul 2020 18:39:16 +0000 (11:39 -0700)]
Update website link in copyright headers.

Use the secure link, which should be the default. Prefer the
url without the `www` prefix because it's shorter.

Signed-off-by: Mark Harris <mark.hsj@gmail.com>
4 years ago Add further array bounds checks to bark_noise_hybridmp.
Ralph Giles [Sat, 13 Jun 2020 00:43:28 +0000 (17:43 -0700)]
Add further array bounds checks to bark_noise_hybridmp.

Make it clear to local analysis that no out-of-bounds array
accesses are possible here.

Follow-up to CVE-2018-10393 and CVE-2017-14160.

Signed-off-by: Thomas Daede <daede003@umn.edu>
Signed-off-by: Monty <xiphmont@xiph.org>
4 years ago autotools: Use AC_CANONICAL_HOST
Ralph Giles [Tue, 16 Jun 2020 17:13:52 +0000 (10:13 -0700)]
autotools: Use AC_CANONICAL_HOST

We were calling AC_CANONICAL_TARGET in configure.ac under the
mistaken impression that this allowed setting the target
architecture for cross-compilation output.

However, in GNU terminology the system type that is the
target of cross-compilation is the "host" and "target"
is reserved for setting what the output of the compiled
application should itself target, when compiling a
cross-compiler. Finally "build" is the system type the
build system is itself running under.

So to cross-compile, one invokes `./configure --host ...`
not `--target`.

In any case, we only make use of the `host` variable,
so that is the macro we need to invoke to provide it.

Thanks to Maarten Bosmans for reporting the issue.

Signed-off-by: Marvin Scholz <epirat07@gmail.com>
4 years ago pkg-config: Only append -lm if necessary.
Ralph Giles [Fri, 12 Jun 2020 23:48:59 +0000 (16:48 -0700)]
pkg-config: Only append -lm if necessary.

Some systems don't require a separate -lm to link with libc
math functions. The configure script checks for this, so
use the corresponding variable to set the dependent libraries
in vorbis.pc dynamically.

Signed-off-by: Marvin Scholz <epirat07@gmail.com>
4 years ago gitlab-ci: Use the gcc:9 base image.
Ralph Giles [Wed, 10 Jun 2020 21:31:53 +0000 (14:31 -0700)]
gitlab-ci: Use the gcc:9 base image.

Use a versioned base image for jobs to reduce variance.

This version number will need to be bumped periodically.

Signed-off-by: Marvin Scholz <epirat07@gmail.com>
4 years ago gitlab-ci: Don't cache object files.
Ralph Giles [Wed, 10 Jun 2020 21:30:18 +0000 (14:30 -0700)]
gitlab-ci: Don't cache object files.

This could only help with the initial build, not `make distcheck`
and since config.h is generated fresh for each job, everything
was remade anyway. Thanks to ePirat for pointing out the issue.

4 years ago gitlab-ci: Move shared tags to a default section.
Ralph Giles [Wed, 10 Jun 2020 21:03:28 +0000 (14:03 -0700)]
gitlab-ci: Move shared tags to a default section.

Move shared properties into a `default` stanza per current
style recommendations.

4 years ago Add cmake build to gitlab ci.
Ralph Giles [Wed, 15 Apr 2020 16:29:35 +0000 (09:29 -0700)]
Add cmake build to gitlab ci.

Add an additional build job to the gitlab ci pipeline to do a
cmake build. This doesn't run tests, but gives us a little
bit of coverage.

4 years ago Add gitlab ci configuration.
Ralph Giles [Tue, 7 Apr 2020 18:27:50 +0000 (11:27 -0700)]
Add gitlab ci configuration.

Describe a basic autoconf build and test for gitlab's integrated
continuous integration runner. Uses the gcc docker image.

Copied from the theora version.

- `zip` is needed for `make dist`
- `doxygen` is needed to generate api documentation.
  latex is also needed, but a heavy dependency to install every run,
  so skipped for now.

4 years ago Instead of SIGFPE when bytespersample is zero or negative, return OV_EINVAL
Petter Reinholdtsen [Mon, 13 Apr 2020 16:55:21 +0000 (18:55 +0200)]
Instead of SIGFPE when bytespersample is zero or negative, return OV_EINVAL

Based on 0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch from Debian,
see https://bugs.debian.org/635906 , adjusted with input from Ralph
Giles.

Signed-off-by: Ralph Giles <giles@thaumas.net>
4 years ago Silence some CMake build MSVC useless warnings
evpobr [Wed, 8 Apr 2020 05:28:27 +0000 (10:28 +0500)]
Silence some CMake build MSVC useless warnings

Suppress warnings about unsafe and deprecated functions like this: strcat is unsafe, use `strcat_s` instead and so on.

Signed-off-by: Ralph Giles <giles@thaumas.net>
4 years ago Export public function on MinGW platform
evpobr [Wed, 8 Apr 2020 05:24:39 +0000 (10:24 +0500)]
Export public function on MinGW platform

MinGW produces DLLs, but exports nothing.

4 years ago Fix CMake include install directory
evpobr [Wed, 8 Apr 2020 05:19:51 +0000 (10:19 +0500)]
Fix CMake include install directory

4 years ago Fix CMake config-file package generation
evpobr [Wed, 8 Apr 2020 05:19:26 +0000 (10:19 +0500)]
Fix CMake config-file package generation

4 years ago travis-ci: Build on the xcode11 macOS image.
Ralph Giles [Wed, 8 Apr 2020 20:46:29 +0000 (13:46 -0700)]
travis-ci: Build on the xcode11 macOS image.

Fix the macOS builds on the travis-ci.org continuous integration
system by requiring a more recently-created system image where
homebrew packages install correctly.

Also switch to declarative syntax for the homebrew package
dependencies, using the built-in Brewfile support instead
of invoking `brew` explicitly.

Travis doesn't update the homebrew tree on their default macOS
images, so over time available packages become out-of-date, or
any explicit update step takes longer and longer, slowing the
testing feedback loop.

In this particular instance jobs were failing because homebrew
on the default macOS image wasn't working at all. Without an
update, package installation failed because the `brew bundle`
subcommand had itself bitrotted, while running `brew update`
would time out, taking more than the allowed job time.

Requiring a more recent (non-default) macOS image gets our
tests working again. In the future this will probably need
to be bumped again or restored to the default image.

For more context, see https://travis-ci.community/t/macos-build-fails-because-of-homebrew-bundle-unknown-command/7296/14

4 years ago win32: Update VS2010 project files for ogg library name.
Ralph Giles [Wed, 8 Apr 2020 20:27:26 +0000 (13:27 -0700)]
win32: Update VS2010 project files for ogg library name.

The ogg project changed the default target, making libogg.lib
a static library instead of libogg_static.lib. Update our
build to match.

The VS2005 and VS2008 projects are left as-is, because
I have no way to test them and they likely aren't in
active use.

4 years ago appveyor: Use the correct ogg solution file.
Ralph Giles [Wed, 8 Apr 2020 19:41:41 +0000 (12:41 -0700)]
appveyor: Use the correct ogg solution file.

In ogg commit 6d55ddf64b65, the static build was made the
default, removing the separate static target solution file,
breaking our build on the Appveyor continuous integration system.

4 years ago Clean up trailing whitespace.
Ralph Giles [Tue, 7 Apr 2020 16:23:42 +0000 (09:23 -0700)]
Clean up trailing whitespace.

4 years ago Rewrap EXTRA_DIST lines.
Ralph Giles [Tue, 7 Apr 2020 16:23:10 +0000 (09:23 -0700)]
Rewrap EXTRA_DIST lines.

Make the grouping a little more logical.

4 years ago Add CMake config-file package generation
evpobr [Tue, 23 Apr 2019 05:14:09 +0000 (10:14 +0500)]
Add CMake config-file package generation

Signed-off-by: Ralph Giles <giles@thaumas.net>
4 years ago oss-fuzz: replace -lFuzzingEngine with $LIB_FUZZING_ENGINE
Tyson Smith [Fri, 17 Jan 2020 17:55:16 +0000 (09:55 -0800)]
oss-fuzz: replace -lFuzzingEngine with $LIB_FUZZING_ENGINE

Signed-off-by: Tristan Matthews <tmatth@videolan.org>
5 years ago Fix CVE-2018-10392 : Sanity check number of channels in setup 93/216993/1 accepted/tizen_6.0_unified accepted/tizen_6.0_unified_hotfix tizen_6.0 tizen_6.0_hotfix accepted/tizen/6.0/unified/20201030.105652 accepted/tizen/6.0/unified/hotfix/20201102.235021 accepted/tizen/6.0/unified/hotfix/20201103.045914 accepted/tizen/unified/20191106.124652 submit/tizen/20191106.041052 submit/tizen_6.0/20201029.205502 submit/tizen_6.0_hotfix/20201102.192902 submit/tizen_6.0_hotfix/20201103.115102 tizen_6.0.m2_release
Jeongmo Yang [Tue, 5 Nov 2019 07:31:50 +0000 (16:31 +0900)]
Fix CVE-2018-10392 : Sanity check number of channels in setup

Change-Id: I14540b2c3f455f4eeb5ef43d8f90865fdcc801c2
Signed-off-by: Jeongmo Yang <jm80.yang@samsung.com>
5 years ago Don't leak memory in test_sharedbook to please asan.
Thomas Daede [Tue, 29 Jan 2019 01:39:24 +0000 (17:39 -0800)]
Don't leak memory in test_sharedbook to please asan.

5 years ago os.h: make vorbis_ftoi() static inline if !VORBIS_FPU_CONTROL
sezero [Sun, 11 Nov 2018 05:01:10 +0000 (08:01 +0300)]
os.h: make vorbis_ftoi() static inline if !VORBIS_FPU_CONTROL

5 years ago os.h: cleanup the _MSC_VER cpp checks mess.
sezero [Sat, 10 Nov 2018 14:00:02 +0000 (17:00 +0300)]
os.h: cleanup the _MSC_VER cpp checks mess.

5 years ago fix typo introduced in commit 8d73daa
sezero [Sat, 10 Nov 2018 13:51:01 +0000 (16:51 +0300)]
fix typo introduced in commit 8d73daa

5 years ago Check for sse2 math before using it.
tico-tico [Fri, 25 Jan 2019 13:40:16 +0000 (16:40 +0300)]
Check for sse2 math before using it.

5 years ago info.c (tagcompare): use a locale-insensitive toupper()
sezero [Sat, 10 Nov 2018 21:51:10 +0000 (00:51 +0300)]
info.c (tagcompare): use a locale-insensitive toupper()

see: https://gitlab.xiph.org/xiph/vorbis/issues/2079

5 years ago Port opus-tools check to see if underlying file was overwritten.
Thomas Daede [Mon, 28 Jan 2019 23:33:32 +0000 (15:33 -0800)]
Port opus-tools check to see if underlying file was overwritten.

5 years ago Fix free of uninitialized memory if seek fails in ov_raw_seek
James Cowgill [Tue, 13 Jun 2017 12:39:52 +0000 (13:39 +0100)]
Fix free of uninitialized memory if seek fails in ov_raw_seek

If _seek_helper fails in ov_raw_seek, control jumps to the seek_error
label which calls ogg_stream_clear on work_os. However, at this point
in the function, work_os is not initialized so we end up attempting to
free some uninitialized memory and crashing.

Fix by removing the call to ogg_stream_clear. This is safe because the
only code path to seek_error happens before work_os is initialized (so
there is never anything to free anyway).

I also refactor the code a bit:
- Remove the ret variable which is unnecessary since we can just pass
  the result of _seek_helper directly to the if.
- Since seek_error is only used once, move the contents of that block
  to the if statement so we can remove a goto.

5 years ago Remove C99-style comments.
Thomas Daede [Mon, 28 Jan 2019 22:59:52 +0000 (14:59 -0800)]
Remove C99-style comments.

6 years ago Fix the compiling errors on msvc ARM64 configuration.
Minmin Gong [Thu, 5 Jul 2018 04:37:54 +0000 (21:37 -0700)]
Fix the compiling errors on msvc ARM64 configuration.

6 years ago [CVE-2018-5146] Prevent out-of-bounds write in codebook decoding. 97/181097/2
Sejun Park [Fri, 8 Jun 2018 05:50:46 +0000 (14:50 +0900)]
[CVE-2018-5146] Prevent out-of-bounds write in codebook decoding.

Change-Id: I0abca7326d25e738f1a1b840b5c9676ca16e5c20

6 years ago [CVE-2018-10393] heap buffer overflow 72/180372/1
Sejun Park [Tue, 29 May 2018 00:49:33 +0000 (09:49 +0900)]
[CVE-2018-10393] heap buffer overflow

Change-Id: I976da227a735780b01441f016c53b5f8ab4b9364

6 years ago Fix shift by negative value when reading blocksize.
Thomas Daede [Wed, 23 May 2018 22:23:09 +0000 (15:23 -0700)]
Fix shift by negative value when reading blocksize.

6 years ago add osx to travis
Stephen [Mon, 27 Nov 2017 19:28:35 +0000 (11:28 -0800)]
add osx to travis

6 years ago add fuzzers and build script from OSS-Fuzz
Paul Kehrer [Tue, 3 Apr 2018 13:35:55 +0000 (08:35 -0500)]
add fuzzers and build script from OSS-Fuzz

6 years ago Sanity check number of channels in setup.
Thomas Daede [Thu, 17 May 2018 23:19:19 +0000 (16:19 -0700)]
Sanity check number of channels in setup.

Fixes #2335.

6 years ago Clamp large exponents in float32_unpack.
Thomas Daede [Mon, 14 May 2018 22:45:00 +0000 (15:45 -0700)]
Clamp large exponents in float32_unpack.

6 years ago CVE-2017-14160: fix bounds check on very low sample rates.
Thomas Daede [Wed, 9 May 2018 21:56:59 +0000 (14:56 -0700)]
CVE-2017-14160: fix bounds check on very low sample rates.

6 years ago vorbisenc: detect if new_template is NULL
Tristan Matthews [Mon, 9 Apr 2018 15:15:07 +0000 (11:15 -0400)]
vorbisenc: detect if new_template is NULL

Fixes #1975

6 years ago Include CMake build scripts in release archives
Marcel Metz [Tue, 20 Mar 2018 20:15:40 +0000 (21:15 +0100)]
Include CMake build scripts in release archives

Fixes xiph/vorbis#32

6 years ago Update release version in configure.ac to 1.3.6 v1.3.6
Thomas Daede [Fri, 16 Mar 2018 03:36:25 +0000 (20:36 -0700)]
Update release version in configure.ac to 1.3.6

6 years ago Update CHANGES and dates for 1.3.6.
Thomas Daede [Fri, 16 Mar 2018 03:34:28 +0000 (20:34 -0700)]
Update CHANGES and dates for 1.3.6.

6 years ago Bump version to 1.3.6
Thomas Daede [Fri, 16 Mar 2018 03:25:47 +0000 (20:25 -0700)]
Bump version to 1.3.6

6 years ago CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.
Thomas Daede [Thu, 15 Mar 2018 21:15:31 +0000 (14:15 -0700)]
CVE-2018-5146: Prevent out-of-bounds write in codebook decoding.

Codebooks that are not an exact divisor of the partition size are now
truncated to fit within the partition.

6 years ago [CVE-2017-14633]: Don't allow for more than 256 channels 81/164581/1
Sejun Park [Wed, 20 Dec 2017 00:40:54 +0000 (09:40 +0900)]
[CVE-2017-14633]: Don't allow for more than 256 channels

Change-Id: I17b8a0a97b4b97889bad757bb1ddfe20bb4331b4

6 years ago CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb if not initialized
Guido Günther [Wed, 15 Nov 2017 17:22:59 +0000 (18:22 +0100)]
CVE-2017-14632: vorbis_analysis_header_out: Don't clear opb if not initialized

If the number of channels is not within the allowed range
we call oggpack_writeclear although it's not initialized yet.

This fixes

    ==23371== Invalid free() / delete / delete[] / realloc()
    ==23371==    at 0x4C2CE1B: free (vg_replace_malloc.c:530)
    ==23371==    by 0x829CA31: oggpack_writeclear (in /usr/lib/x86_64-linux-gnu/libogg.so.0.8.2)
    ==23371==    by 0x84B96EE: vorbis_analysis_headerout (info.c:652)
    ==23371==    by 0x9FBCBCC: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
    ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
    ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
    ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
    ==23371==    by 0x10D82A: process (sox.c:1753)
    ==23371==    by 0x10D82A: main (sox.c:3012)
    ==23371==  Address 0x68768c8 is 488 bytes inside a block of size 880 alloc'd
    ==23371==    at 0x4C2BB1F: malloc (vg_replace_malloc.c:298)
    ==23371==    by 0x4C2DE9F: realloc (vg_replace_malloc.c:785)
    ==23371==    by 0x4E545C2: lsx_realloc (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
    ==23371==    by 0x9FBC9A0: ??? (in /usr/lib/x86_64-linux-gnu/sox/libsox_fmt_vorbis.so)
    ==23371==    by 0x4E524F1: ??? (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
    ==23371==    by 0x4E52CCA: sox_open_write (in /usr/lib/x86_64-linux-gnu/libsox.so.2.0.1)
    ==23371==    by 0x10D82A: open_output_file (sox.c:1556)
    ==23371==    by 0x10D82A: process (sox.c:1753)
    ==23371==    by 0x10D82A: main (sox.c:3012)

as seen when using the testcase from CVE-2017-11333 with
008d23b782be09c8d75ba8190b1794abd66c7121 applied. However the error was
there before.

6 years ago CVE-2017-14633: Don't allow for more than 256 channels
Guido Günther [Tue, 31 Oct 2017 17:32:46 +0000 (18:32 +0100)]
CVE-2017-14633: Don't allow for more than 256 channels

Otherwise

 for(i=0;i<vi->channels;i++){
      /* the encoder setup assumes that all the modes used by any
         specific bitrate tweaking use the same floor */
      int submap=info->chmuxlist[i];

overreads later in mapping0_forward since chmuxlist is a fixed array of
256 elements max.

6 years ago Fixed error in Vorbis I specification for limiting residue vector size
Loren M. Lang [Sat, 11 Nov 2017 10:14:35 +0000 (02:14 -0800)]
Fixed error in Vorbis I specification for limiting residue vector size

The minimum between the encoded residue boundaries and actual block size
needs to be used, otherwise it pushes the boundaries to the edge of the
actual blocksize or beyond.

6 years ago vorbis: avoid invalid free
Tristan Matthews [Thu, 9 Nov 2017 07:30:14 +0000 (02:30 -0500)]
vorbis: avoid invalid free

Regression started at commit "4b67376 Remove multiple subtly different inline..."

7 years ago Add build flags for YouCompleteMe.
Ralph Giles [Mon, 25 Sep 2017 22:58:41 +0000 (15:58 -0700)]
Add build flags for YouCompleteMe.

Add a .ycm_extra.conf.py script to return the same CFLAGS
we pass for `make debug`. These are passed to libclang
so symbol lookup works correctly.

Note this doesn't pick up changes to the build config,
including non-default locations for the ogg headers,
but it's better than nothing.

7 years ago mapping0.c (mapping0_unpack): kill a useless memset()
sezero [Sun, 23 Jul 2017 08:30:06 +0000 (11:30 +0300)]
mapping0.c (mapping0_unpack): kill a useless memset()

info is allocated with calloc() already.

Signed-off-by: Ralph Giles <giles@thaumas.net>
7 years ago os.h: change elif _WIN32 to elif defined(_WIN32)
sezero [Sun, 23 Jul 2017 08:27:00 +0000 (11:27 +0300)]
os.h: change elif _WIN32 to elif defined(_WIN32)

This symbol is only defined (with the value 1) when building
for the Windows target, so we need to ifdef, not if.

Signed-off-by: Ralph Giles <giles@thaumas.net>
7 years ago Cleanup: Removed trailing white-spaces in C code files
Philipp Schafft [Sat, 22 Jul 2017 23:27:53 +0000 (23:27 +0000)]
Cleanup: Removed trailing white-spaces in C code files

Signed-off-by: Ralph Giles <giles@thaumas.net>
7 years ago Update release checklist for the transition to git.
Ralph Giles [Sat, 22 Jul 2017 16:39:42 +0000 (09:39 -0700)]
Update release checklist for the transition to git.

The tagging method is different now that our main
repository is in git instead of subversion.

7 years ago CMake: Add vorbisenc.c to vorbis target for WIN32 builds
Marcel Metz [Mon, 7 Mar 2016 20:20:21 +0000 (21:20 +0100)]
CMake: Add vorbisenc.c to vorbis target for WIN32 builds

On Windows the vorbis shared library exports some symbols defined in the
vorbisenc.c file.  To allow error free linking this file should be added
to the VORBIS_SOURCES.

Signed-off-by: Ralph Giles <giles@thaumas.net>
7 years ago Fix reading maximum, nominal, minimum bitrate in _vorbis_unpack_info().
Jörn Heusipp [Sat, 22 Jul 2017 06:29:35 +0000 (08:29 +0200)]
Fix reading maximum, nominal, minimum bitrate in _vorbis_unpack_info().

https://xiph.org/vorbis/doc/Vorbis_I_spec.html#x1-630004.2.2 specifies
these fields as 32bit signed. oggpack_read(opb,32), which is used to
read these fields, returns 32 bits stored in a long. On architectures
where long is 64bit, this results in a positive value being returned.
This value is then stored in struct vorbis_info in bitrate_upper,
bitrate_nominal and bitrate_lower, also as long. ogginfo relies on
these values in order to display the respective header fields and thus
misrepresented the stored value -1 (which has the intended meaning of
"bitrate not set") as 2**32-1 on architectures where long is 64bit.

Explicitly cast the return value of oggpack_read() to a signed 32bit
integer type.

A nominal bitrate value of -1 is valid as per specification, and is
written by libvorbis for VBR files with samplerate >= 50000Hz.

Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
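
The misreading described in the commit message above, reproduced as an added example (not code from libvorbis or from the commit). `read_bits32` is a hypothetical stand-in for `oggpack_read(opb,32)`, `int64_t` models a 64-bit `long`, and the header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 30-byte Vorbis identification header (not from a real file).
   Field order and widths follow section 4.2.2 of the Vorbis I specification. */
static const unsigned char SAMPLE_ID_HEADER[30] = {
    0x01, 'v', 'o', 'r', 'b', 'i', 's', /* packet type 1 + "vorbis"          */
    0x00, 0x00, 0x00, 0x00,             /* vorbis_version    = 0             */
    0x02,                               /* audio_channels    = 2             */
    0x00, 0x77, 0x01, 0x00,             /* audio_sample_rate = 96000         */
    0x00, 0xE8, 0x03, 0x00,             /* bitrate_maximum   = 256000        */
    0xFF, 0xFF, 0xFF, 0xFF,             /* bitrate_nominal   = -1 (not set)  */
    0xFF, 0xFF, 0xFF, 0xFF,             /* bitrate_minimum   = -1 (not set)  */
    0xB8,                               /* blocksize_0 = 8, blocksize_1 = 11 */
    0x01                                /* framing flag                      */
};

enum { PARSE_OK = 0, PARSE_BAD_HEADER = -1 };
enum { ID_HEADER_LEN = 30, BITRATE_OFFSET = 16 };

/* int64_t stands in for the "long" members of struct vorbis_info on a
   platform where long is 64 bits wide. */
typedef struct {
    int64_t bitrate_upper;
    int64_t bitrate_nominal;
    int64_t bitrate_lower;
} bitrate_fields;

/* Hypothetical stand-in for oggpack_read(opb, 32): returns the next 32 bits
   (little-endian) zero-extended into a 64-bit integer, so the result is
   never negative. */
static int64_t read_bits32(const unsigned char *p)
{
    uint32_t v = (uint32_t)p[0] | (uint32_t)p[1] << 8 |
                 (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return (int64_t)v;
}

/* Reads the three bitrate fields. With sign_extend == 0 the raw 32 bits are
   stored as-is (the behaviour the commit describes as wrong); with
   sign_extend != 0 each value is first cast to a signed 32-bit integer,
   which is the fix the commit message describes. */
int unpack_bitrates(const unsigned char *pkt, size_t len, int sign_extend,
                    bitrate_fields *out)
{
    int64_t v[3];
    int i;

    if (pkt == NULL || out == NULL || len < ID_HEADER_LEN)
        return PARSE_BAD_HEADER;
    if (pkt[0] != 0x01 || memcmp(pkt + 1, "vorbis", 6) != 0)
        return PARSE_BAD_HEADER;

    for (i = 0; i < 3; i++) {
        v[i] = read_bits32(pkt + BITRATE_OFFSET + 4 * i);
        if (sign_extend)
            v[i] = (int32_t)v[i]; /* wraps to the signed 32-bit value on
                                     two's-complement compilers */
    }
    out->bitrate_upper = v[0];
    out->bitrate_nominal = v[1];
    out->bitrate_lower = v[2];
    return PARSE_OK;
}

int main(void)
{
    bitrate_fields raw, fixed;

    if (unpack_bitrates(SAMPLE_ID_HEADER, sizeof SAMPLE_ID_HEADER, 0, &raw) != PARSE_OK ||
        unpack_bitrates(SAMPLE_ID_HEADER, sizeof SAMPLE_ID_HEADER, 1, &fixed) != PARSE_OK)
        return 1;

    printf("without cast: upper=%lld nominal=%lld lower=%lld\n",
           (long long)raw.bitrate_upper, (long long)raw.bitrate_nominal,
           (long long)raw.bitrate_lower);
    printf("with cast:    upper=%lld nominal=%lld lower=%lld\n",
           (long long)fixed.bitrate_upper, (long long)fixed.bitrate_nominal,
           (long long)fixed.bitrate_lower);
    return 0;
}
```
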
7 years ago Remove svn $Id$ header.
Ralph Giles [Fri, 16 Jun 2017 20:44:20 +0000 (13:44 -0700)]
Remove svn $Id$ header.

Most checked-in files had a comment with a filename and
last-modified string automatically updated by the
subversion version control tool. These became obsolete
when we migrated the repository to git. Remove them.

7 years ago Fix signed overflow in _book_maptype1_quantvals().
Timothy B. Terriberry [Tue, 4 Oct 2016 01:22:16 +0000 (18:22 -0700)]
Fix signed overflow in _book_maptype1_quantvals().

If b->dims is very large, vals will be 1 and acc1 will overflow a long.
This causes us to read too many values for this codebook.

Signed-off-by: Monty <xiphmont@xiph.org>
8 years ago Add AppVeyor build status badge.
Ralph Giles [Wed, 5 Oct 2016 20:25:36 +0000 (13:25 -0700)]
Add AppVeyor build status badge.

8 years ago Make CMake build test on Travis-CI mandatory
Marcel Metz [Wed, 5 Oct 2016 16:23:53 +0000 (18:23 +0200)]
Make CMake build test on Travis-CI mandatory

Signed-off-by: Ralph Giles <giles@thaumas.net>
8 years ago Add cmake as optional build system to Travis-CI configuration
Marcel Metz [Wed, 5 Oct 2016 16:07:26 +0000 (18:07 +0200)]
Add cmake as optional build system to Travis-CI configuration

8 years ago Add BUILD_SYSTEM env variable to Travis-CI build matrix
Marcel Metz [Wed, 5 Oct 2016 16:05:43 +0000 (18:05 +0200)]
Add BUILD_SYSTEM env variable to Travis-CI build matrix

This allows switching between different build systems when building
multiple test matrix configurations.

8 years ago autotools: Fix doc_DATA install.
Ralph Giles [Wed, 5 Oct 2016 20:07:00 +0000 (13:07 -0700)]
autotools: Fix doc_DATA install.

Both the generated format specification document and the static
html documents depend on the logo in fish_xiph_org.png.

Unfortunately we can't list them both in their respective
dependencies because both are passed to doc_DATA for installation
and automake doesn't seem to remove duplicates, causing
/usr/bin/install to complain about the overwrite.

I couldn't find a good solution to this. Wrapping the doc_DATA
value in GNU make's $(sort /list/) function would work, but
automake warns about the non-portable construct. Instead, I've
just removed it from the spec dependency list and appended it
manually.

8 years ago Add missing graphics for the html spec.
Ralph Giles [Wed, 5 Oct 2016 19:49:26 +0000 (12:49 -0700)]
Add missing graphics for the html spec.

New equations were added to the spec source in the previous
update (early last year) but the generated graphic versions
were not added to the repository.

Also add all the generated figures to the distribution. No
sense in shipping a spec with broken links.

8 years ago Make CMake build test on AppVeyor mandatory
Marcel Metz [Wed, 5 Oct 2016 16:19:30 +0000 (18:19 +0200)]
Make CMake build test on AppVeyor mandatory

Signed-off-by: Ralph Giles <giles@thaumas.net>
8 years ago Use different install dir for libogg dependency in CMake AppVeyor
Marcel Metz [Wed, 5 Oct 2016 15:11:35 +0000 (17:11 +0200)]
Use different install dir for libogg dependency in CMake AppVeyor

8 years ago Add OGG_ROOT search path to AppVeyor CMake build
Marcel Metz [Wed, 5 Oct 2016 14:10:18 +0000 (16:10 +0200)]
Add OGG_ROOT search path to AppVeyor CMake build

8 years ago Build CMake install target for libogg dependency on AppVeyor
Marcel Metz [Wed, 5 Oct 2016 14:03:40 +0000 (16:03 +0200)]
Build CMake install target for libogg dependency on AppVeyor

8 years ago Add cmake as optional build system to AppVeyor configuration
Marcel Metz [Wed, 5 Oct 2016 13:39:22 +0000 (15:39 +0200)]
Add cmake as optional build system to AppVeyor configuration

8 years ago Add BUILD_SYSTEM env variable to AppVeyor build matrix
Marcel Metz [Wed, 5 Oct 2016 13:36:27 +0000 (15:36 +0200)]
Add BUILD_SYSTEM env variable to AppVeyor build matrix

This allows switching between different build systems when building
multiple test matrix configurations.

8 years ago Use build_script step in AppVeyor configuration
Marcel Metz [Wed, 5 Oct 2016 13:31:57 +0000 (15:31 +0200)]
Use build_script step in AppVeyor configuration

Preparations for building with multiple build systems

8 years ago Fix CMake error
Russell Greene [Tue, 4 Oct 2016 01:13:35 +0000 (19:13 -0600)]
Fix CMake error

Include vorbis library when linking vorbisfile and vorbisenc.

Signed-off-by: Ralph Giles <giles@thaumas.net>
8 years ago Initial appveyor config to test the Windows build.
Ralph Giles [Thu, 8 Sep 2016 19:38:57 +0000 (12:38 -0700)]
Initial appveyor config to test the Windows build.

This makes the minimal changes necessary to build
the dynamic solution Win32|Debug target with VS2015
and against the static solution from the ogg master
branch.

The other targets can be added after updating the
project files for VS2015.

8 years ago Add ids to v-comment.html
Christian Weiske [Fri, 22 Jul 2016 19:56:10 +0000 (21:56 +0200)]
Add ids to v-comment.html

This allows linking to specific sections.

Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
8 years ago doc/Makefile.am: Fix `clean` target
Erik de Castro Lopo [Thu, 12 May 2016 09:35:28 +0000 (19:35 +1000)]
doc/Makefile.am: Fix `clean` target

The `doc/Vorbis_I_spec*.png` files are checked into git, but were also
being incorrectly deleted during `make clean` because they were listed
in `CLEANFILES`.