Commit Graph

87 Commits

Author SHA1 Message Date
Kevin Croft
3b491aa07c
STB Vorbis: prevent division by zero in decode_resign if ch == 0
In the call to decode_residue:
  decode_residue(f, residue_buffers, ch, n2, r, do_not_decode);

The channel count is previously intialized as zero and incremented
based on a for-loop (f->channels) plus a conditional,
if (map->chan[j].mux == i).  If this doesn't happen then 'ch'
remains zero.

Once inside decode_residue(..), the code has three branches based
on channel count: stereo (ch == 2), mono (ch == 1), and then the
exception if it's neither of those (simple 'else').  It's in here
where a zero-valued 'ch' can be used as the denominator in these
calculations:
    int c_inter = z % ch
    p_inter = z/ch;

Obviously this 'else' branch is meant for channel counts greater
than two an not for zero channels; so this change simply makes
that branch only valid if (ch > 2).
2019-12-04 22:09:13 -08:00
Sean Barrett
5c98e6564b stb_vorbis: fix typo in CVE number in docs 2019-08-11 04:26:23 -07:00
Sean Barrett
1b2fa11055 stb_vorbis: bump version number 2019-08-09 04:13:24 -07:00
Sean Barrett
98fdfc6df8 Fix seven bugs discovered and fixed by ForAllSecure:
CVE-2019-13217: heap buffer overflow in start_decoder()
CVE-2019-13218: stack buffer overflow in compute_codewords()
CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest()
CVE-2019-13220: out-of-range read in draw_line()
CVE-2019-13221: issue with large 1D codebooks in lookup1_values()
CVE-2019-13222: unchecked NULL returned by get_window()
CVE-2019-13223: division by zero in predict_point()
2019-08-09 04:05:22 -07:00
Sean Barrett
2c2908f505 update version numbers 2019-03-04 15:08:53 -08:00
Sean Barrett
a0b521fcf2 no warnings when compiling /W3
compiling all test cases and compilers in test.sbm
   Compilers:
     32-bit:
       VS2015
       VS2013
       VS2008
       VC6 (1998)
       clang-cl 9.0.1
     64-bit
       VS2015
       clang-cl 9.0.1
2019-03-04 14:45:06 -08:00
Sean Barrett
63b59b46b0 update version numbers 2019-02-07 10:03:00 -08:00
Kevin Croft
d1dc3fe89c Fix return typo, disambiguate else, and check for the complete fishead identifier 2019-02-07 08:43:59 -08:00
Kevin Croft
604b9367ee Add detection for Ogg skeleton metadata 2019-02-07 08:43:59 -08:00
luz.paz
622b3adad3 Misc. comment typos
Found via `codespell -q 3`
2018-02-12 14:54:22 -05:00
Sean Barrett
ac66307576 docs 2018-02-11 11:41:20 -08:00
Sean Barrett
b79c8458d3 stb_vorbis: avoid NaN due to uninitialized variable 2018-02-11 11:29:53 -08:00
Sean Barrett
a77d9213e4 stb_vorbis: no dealloca 2018-02-01 03:53:17 -08:00
Sean Barrett
663deb3a43 redo lost stb_vorbis fixes 2018-01-29 15:20:54 -08:00
Sean Barrett
dfff6f5e7c stb_image: fix assert macro usage; stb_vorbis: changelog 2018-01-29 13:15:10 -08:00
Sean Barrett
ee0ebfc79b version numbers 2018-01-29 04:59:32 -08:00
Sean Barrett
244d83bc3d fix unchecked length in stb_vorbis that could crash on corrupt/invalid files 2018-01-29 02:23:18 -08:00
Sean Barrett
dd039e8cc5 credits for mingw fixes in #444 2017-07-23 14:13:07 -07:00
Sean Barrett
3b232a3ff7 Merge branch 'master' of https://github.com/Infatum/stb into dev 2017-07-23 14:10:17 -07:00
Sean Barrett
555efbedfc Update version numbers 2017-07-23 14:09:39 -07:00
Fabian Giesen
2da81a6433 stb_vorbis: MinGW has alloca defined in malloc.h.
Fixes issue #461.
2017-07-22 14:39:52 -07:00
Infatum
4963448726 fix: Build on MinGW32 2017-04-20 15:49:36 +03:00
Sean Barrett
e248e30954 change license to public-domain AND mit (based on twitter vote) 2017-03-03 07:53:07 -08:00
Sean Barrett
f88e2a8e7b update version 2017-03-03 06:58:14 -08:00
Sean Barrett
46046238b8 rename Point data structure as suggested in pull request 2017-03-03 06:54:11 -08:00
Sean Barrett
c88489549d Merge branch 'avoid-name-clash' of https://github.com/jlnr/stb into working 2017-03-03 06:51:37 -08:00
Sean Barrett
f9a83c0ae1 Merge branch 'master' of https://github.com/alxprd/stb into working 2017-03-03 06:50:32 -08:00
Sean Barrett
66fdbaaa87 Merge branch 'fix_vorbis_ilog' of https://github.com/rygorous/stb into working 2017-03-03 06:48:48 -08:00
Sean Barrett
d2de2be10f vorbis: propagate errors better on seek failure (e.g. when coarse seek fails) 2017-03-03 05:48:37 -08:00
Julian Raschke
a055654ee3 Rename Point to stbv__point 2016-12-27 11:18:26 +01:00
Alejandro Pereda
3f36b29589 Overwrites error parameter in stb_vorbis_open_memory when there is no error. This avoid confusion due to previous values. 2016-12-26 16:01:50 +01:00
Fabian Giesen
f32854c809 stb_vorbis: Fix handling of negative numbers in ilog.
For negative n, the original code went down the "n < (1<<4)"
path and performed an out-of-bounds array access. Fix the code
to agree with section 9.2.1 of the Vorbis spec. (Verified by
exhaustive testing of all 32-bit ints.)

Fixes issue #355.
2016-10-22 00:26:09 -07:00
Sean Barrett
14e6a98469 clarify alloca #include whitelists 2016-08-27 12:10:46 -07:00
Sean Barrett
f4938bfa4d Whitelist the compilers that need malloc.h for alloca 2016-08-27 12:09:01 -07:00
Sean Barrett
4c519106a7 back out previous change to stb_vorbis (truncation of last frame in corrupt file) 2016-04-04 18:39:30 -07:00
Sean Barrett
6e4154737c update version numbers, documentation, and contributors 2016-04-02 04:51:26 -07:00
Sean Barrett
b03133000a avoid dropping final frame of audio data due to wrong test 2016-04-02 04:20:36 -07:00
Sean Barrett
92bd7a49a8 emscripten needs explicit alloca as well 2016-04-02 03:57:17 -07:00
Sean Barrett
75c5908f95 fix includes for linux alloca 2016-04-02 03:44:50 -07:00
Jörn Heusipp
aeba55604a stb_vorbis: Fix memory leak in start_decoder(). 2016-04-02 03:44:37 -07:00
Sean Barrett
8f368799e1 Merge branch 'for-upstream-stbvorbis-fix-memleaks' of https://github.com/manxorist/stb 2016-04-02 02:58:19 -07:00
Sean Barrett
ba1277e39c Merge branch 'fix_warnings' of https://github.com/tgoulart/stb into working 2016-04-02 02:54:53 -07:00
Jörn Heusipp
0985e89335 stb_vorbis: Fix memory leak in decode_residue() and inverse_mdct() when redefining temp_alloc() and temp_free()
temp_alloc() and temp_free() are documented as customization points in section "MEMORY ALLOCATION" (stb_vorbis.c:81).
However, in decode_residue() and inverse_mdct() (via temp_block_array() and temp_alloc() respectively), stb_vorbis allocates temporary memory but does not call temp_free() when finished. It does call temp_alloc_restore() though, but there is no sane way to provide an implementation thereof when using a malloc()/free()-like allocation backend.

Adding calls to temp_free() before the respective calls to temp_alloc_restore() is safe, because in case of a non-empty temp_alloc_restore() implementation, temp_free() would simply be implemented empty (the current implementation of temp_*() is fine in this regard). That way, all possible temporary memory allocation schemes (i.e. alloca(), custom provided alloc_buffer, malloc()) are handled properly.

Add the appropriate temp_free() calls.
2016-03-17 09:23:45 +01:00
Thiago Goulart
5a00ce39eb Fix a few warnings when building std_vorbis using Xcode 7.2.1 2016-03-02 00:50:40 -08:00
Craig Donner
ee6978cb68 Slightly modify the public domain license to keep it in the public domain, but make it clear that even when dedications might not be recognized that the code is still usable. Given that this isn't dual-licensing under a different license, I'm hoping this will be acceptable. 2016-02-25 12:55:44 -08:00
Sean Barrett
79f29bafff fix previous stb_vorbis check-in that didn't actually compile;
make stb_vorbis_alloc* parameter in APIs be const
2016-01-16 09:48:01 -08:00
Sean Barrett
3560e553e8 stb_vorbis version history and contributor info 2016-01-16 07:42:24 -08:00
Sean Barrett
e9e5dd94b8 Merge branch 'vorbis-pedantic' of https://github.com/rohit-n/stb into working 2016-01-16 07:35:10 -08:00
Sean Barrett
95e954c822 const correctness for pushdata API;
minor tweak to get_samples_interleaved documentation
2016-01-16 07:26:16 -08:00
Sean Barrett
0860860af6 avoid __forceinline in mingw since their definition for C is broken;
dummy definitions for malloc et al (note you have to modify source to make this work though anyway);
tweak credits change;
2016-01-16 07:19:27 -08:00