Bug 791606 - vorbisparse: Seg fault for corrupt stream where header packets are missing
Status: RESOLVED FIXED
Product: GStreamer
Classification: Platform
Component: gst-plugins-base
Version: 1.13.x
Hardware: Other Linux
Importance: Normal critical
Target Milestone: 1.13.1
Assigned To: GStreamer Maintainers
QA Contact: GStreamer Maintainers
Reported: 2017-12-14 11:11 UTC by vijay
Modified: 2018-02-15 07:09 UTC

Description vijay 2017-12-14 11:11:57 UTC
If the header type field is corrupted, a crash is observed in the vorbisparse plugin.
1 for identification header
3 for comment header
5 for setup header

If the second or third packet header type [e.g. 3 or 5] is corrupted, it leads to a vorbisparse plugin segfault.

Reason for segfault:
Trying to access fields in "parse->streamheader" in function "vorbis_parse_push_headers"


Solution:
Need a proper check while parsing the header in function "vorbis_parse_parse_packet"

Call stack:
(gdb) bt
#0 vorbis_parse_push_headers at gstvorbisparse.c line 203
#1 vorbis_parse_parse_packet at gstvorbisparse.c line 415
#2 ?? from /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0
#3 gst_pad_push from /usr/lib/x86_64-linux-gnu/libgstreamer-1.0.so.0
#4 gst_ogg_demux_chain_peer at gstoggdemux.c line 816
#5 gst_ogg_pad_submit_packet at gstoggdemux.c line 1231
#6 gst_ogg_pad_stream_out at gstoggdemux.c line 1270

Comment 1 Tim-Philipp Müller 2017-12-14 11:44:49 UTC
Thanks. Will you be making a patch for this?

(Note that you shouldn't really ever need the vorbisparse element and it is not autoplugged by default either.)
Comment 2 vijay 2017-12-14 13:24:16 UTC
Thank you.
I am working on a fix. Will upload the patch.
Comment 3 Tim-Philipp Müller 2018-02-08 20:29:42 UTC
Vijay: are you still planning on making a patch?
Comment 4 Tim-Philipp Müller 2018-02-14 00:26:12 UTC
commit 466b868459b498edaffd2bdcac998792e6488327
Author: Tim-Philipp Müller <tim@centricular.com>
Date:   Wed Feb 14 00:22:38 2018 +0000

    vorbisparse: error out when headers are missing
    
    https://bugzilla.gnome.org/show_bug.cgi?id=791606
Comment 5 vijay 2018-02-15 07:09:02 UTC
Hi Tim,

Sorry for the delay.
Thanks for adding the patch.

Also, a similar patch is required for the theora parse plugin, to avoid a segfault.
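
The check discussed in this report, sketched as an added example (not code from this thread or from the GStreamer commit): a packet handler that refuses to use the header list until the identification, comment and setup packets (types 1, 3, 5) have all been seen. The names `vparse`, `vparse_feed` and `demo` and the sample packets are constructed for illustration; the "vorbis" magic after the type byte and the even first byte of audio packets follow the Vorbis format.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a sketch of the check, not GStreamer code. */
typedef enum { FEED_OK = 0, FEED_BAD_PACKET = -1, FEED_MISSING_HEADERS = -2 } feed_result;

typedef struct {
    const unsigned char *hdr[3]; /* identification, comment, setup; NULL until seen */
    int headers_pushed;
} vparse;

feed_result vparse_feed(vparse *s, const unsigned char *p, size_t n)
{
    if (n == 0)
        return FEED_BAD_PACKET;
    if (p[0] & 1) {                       /* odd type byte: header packet */
        if (p[0] > 5 || n < 7 || memcmp(p + 1, "vorbis", 6) != 0)
            return FEED_BAD_PACKET;       /* not a well-formed type 1, 3 or 5 */
        s->hdr[p[0] >> 1] = p;            /* 1 -> slot 0, 3 -> slot 1, 5 -> slot 2 */
        return FEED_OK;
    }
    /* First audio packet: every header must be present before any is used. */
    if (!s->headers_pushed) {
        for (int i = 0; i < 3; i++)
            if (s->hdr[i] == NULL)
                return FEED_MISSING_HEADERS;
        s->headers_pushed = 1;
    }
    return FEED_OK;
}

/* Constructed stream: three headers, one audio packet; caller sets packet 2's type byte. */
feed_result demo(unsigned char second_type)
{
    unsigned char pk[4][8] = { "\x01vorbis", "\x03vorbis", "\x05vorbis", "\x00" "audio" };
    vparse s = { { NULL, NULL, NULL }, 0 };
    feed_result r = FEED_OK;
    pk[1][0] = second_type;
    for (int i = 0; i < 4 && r == FEED_OK; i++)
        r = vparse_feed(&s, pk[i], i < 3 ? 7 : 6);
    return r;
}

int main(void)
{
    printf("intact=%d type2=%d type7=%d\n", demo(3), demo(2), demo(7));
    return 0;
}
```

A type byte corrupted to an even value makes the packet look like audio, so the missing-header check is what stops the NULL access; a corruption to an odd value other than 1, 3 or 5 is rejected earlier as a bad packet.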