Bug 481601 - Fix crash in [@ _vorbis_block_ripcord - vorbis_block_clear] - r=conrad.parker
authorChris Double <chris.double@double.co.nz>
Fri, 10 Apr 2009 15:45:58 +1200
changeset 24344 209f931d0d75e7af69d4da3cb1affd9b604d032f
parent 24343 d0f235903360c0599ea0b8546720aec621db016f
child 24345 37acc64e5b6adc69e2cffa4008e49643edd66fb2
push id1131
push userrocallahan@mozilla.com
push dateFri, 10 Apr 2009 08:53:58 +0000
reviewersconrad.parker
bugs481601
milestone1.9.1b4pre
Bug 481601 - Fix crash in [@ _vorbis_block_ripcord - vorbis_block_clear] - r=conrad.parker
media/libfishsound/README_MOZILLA
media/libfishsound/bug481601.patch
media/libfishsound/src/libfishsound/fishsound_vorbis.c
media/libfishsound/update.sh
media/libvorbis/README_MOZILLA
media/libvorbis/bug481601.patch
media/libvorbis/include/vorbis/codec.h
media/libvorbis/lib/vorbis_block.c
media/libvorbis/update.sh
--- a/media/libfishsound/README_MOZILLA
+++ b/media/libfishsound/README_MOZILLA
@@ -2,8 +2,9 @@ The source from this directory was copie
 source distribution using the update.sh script. The only changes made
 were those applied by update.sh and the addition/upate of Makefile.in
 files for the Mozilla build system.
 
 Some files are renamed during the copy to prevent clashes with object
 file names with other Mozilla libraries.
 
 endian.patch is applied to fix Bug 45269.
+bu481601.patch is applied to fix bug 481601.
new file mode 100644
--- /dev/null
+++ b/media/libfishsound/bug481601.patch
@@ -0,0 +1,23 @@
+diff --git a/media/libfishsound/src/libfishsound/fishsound_vorbis.c b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+index 0c93a35..b1efc48 100644
+--- a/media/libfishsound/src/libfishsound/fishsound_vorbis.c
++++ b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+@@ -423,16 +423,18 @@ fs_vorbis_init (FishSound * fsound)
+ 
+   fsv = fs_malloc (sizeof (FishSoundVorbisInfo));
+   if (fsv == NULL) return NULL;
+ 
+   fsv->packetno = 0;
+   fsv->finished = 0;
+   vorbis_info_init (&fsv->vi);
+   vorbis_comment_init (&fsv->vc);
++  vorbis_dsp_init (&fsv->vd);
++  vorbis_block_init (&fsv->vd, &fsv->vb);
+   fsv->pcm = NULL;
+   fsv->ipcm = NULL;
+   fsv->max_pcm = 0;
+ 
+   fsound->codec_data = fsv;
+ 
+ #if FS_ENCODE && HAVE_VORBISENC
+ 
--- a/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+++ b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
@@ -423,16 +423,18 @@ fs_vorbis_init (FishSound * fsound)
 
   fsv = fs_malloc (sizeof (FishSoundVorbisInfo));
   if (fsv == NULL) return NULL;
 
   fsv->packetno = 0;
   fsv->finished = 0;
   vorbis_info_init (&fsv->vi);
   vorbis_comment_init (&fsv->vc);
+  vorbis_dsp_init (&fsv->vd);
+  vorbis_block_init (&fsv->vd, &fsv->vb);
   fsv->pcm = NULL;
   fsv->ipcm = NULL;
   fsv->max_pcm = 0;
 
   fsound->codec_data = fsv;
 
 #if FS_ENCODE && HAVE_VORBISENC
 
--- a/media/libfishsound/update.sh
+++ b/media/libfishsound/update.sh
@@ -34,8 +34,9 @@ cp $1/src/libfishsound/private.h ./src/l
 cp $1/src/libfishsound/fs_compat.h ./src/libfishsound/fs_compat.h
 cp $1/src/libfishsound/speex.c ./src/libfishsound/fishsound_speex.c
 cp $1/src/libfishsound/encode.c ./src/libfishsound/fishsound_encode.c
 cp $1/src/libfishsound/fs_vector.h ./src/libfishsound/fs_vector.h
 cp $1/src/libfishsound/fs_vector.c ./src/libfishsound/fs_vector.c
 cp $1/src/libfishsound/convert.h ./src/libfishsound/convert.h
 cp $1/AUTHORS ./AUTHORS
 patch -p4 <endian.patch
+patch -p3 <bug481601.patch
--- a/media/libvorbis/README_MOZILLA
+++ b/media/libvorbis/README_MOZILLA
@@ -5,8 +5,10 @@ files for the Mozilla build system.
 
 Some files are renamed during the copy to prevent clashes with object
 file names with other Mozilla libraries.
 
 BUG 455372 - WinCE LibVorbis No FPU Support on WinMobile, removed FPU
 support for builds with WINCE defined.
 
 BUG 469639 - Failed to build firefox trunk on OpenSolaris
+
+bug481601.patch is appled to fix bug 481601.
new file mode 100644
--- /dev/null
+++ b/media/libvorbis/bug481601.patch
@@ -0,0 +1,66 @@
+diff --git a/media/libvorbis/include/vorbis/codec.h b/media/libvorbis/include/vorbis/codec.h
+index b23fe0a..c62b2d5 100644
+--- a/media/libvorbis/include/vorbis/codec.h
++++ b/media/libvorbis/include/vorbis/codec.h
+@@ -170,16 +170,17 @@ extern void     vorbis_comment_add(vorbis_comment *vc, char *comment);
+ extern void     vorbis_comment_add_tag(vorbis_comment *vc,
+ 				       char *tag, char *contents);
+ extern char    *vorbis_comment_query(vorbis_comment *vc, char *tag, int count);
+ extern int      vorbis_comment_query_count(vorbis_comment *vc, char *tag);
+ extern void     vorbis_comment_clear(vorbis_comment *vc);
+ 
+ extern int      vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb);
+ extern int      vorbis_block_clear(vorbis_block *vb);
++extern void     vorbis_dsp_init(vorbis_dsp_state *v);
+ extern void     vorbis_dsp_clear(vorbis_dsp_state *v);
+ extern double   vorbis_granule_time(vorbis_dsp_state *v,
+ 				    ogg_int64_t granulepos);
+ 
+ /* Vorbis PRIMITIVES: analysis/DSP layer ****************************/
+ 
+ extern int      vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi);
+ extern int      vorbis_commentheader_out(vorbis_comment *vc, ogg_packet *op);
+diff --git a/media/libvorbis/lib/vorbis_block.c b/media/libvorbis/lib/vorbis_block.c
+index 3b6f456..d7f5974 100644
+--- a/media/libvorbis/lib/vorbis_block.c
++++ b/media/libvorbis/lib/vorbis_block.c
+@@ -84,18 +84,16 @@ static int ilog2(unsigned int v){
+ #ifndef WORD_ALIGN
+ #define WORD_ALIGN 8
+ #endif
+ 
+ int vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb){
+   int i;
+   memset(vb,0,sizeof(*vb));
+   vb->vd=v;
+-  vb->localalloc=0;
+-  vb->localstore=NULL;
+   if(v->analysisp){
+     vorbis_block_internal *vbi=
+       vb->internal=_ogg_calloc(1,sizeof(vorbis_block_internal));
+     vbi->ampmax=-9999;
+ 
+     for(i=0;i<PACKETBLOBS;i++){
+       if(i==PACKETBLOBS/2){
+ 	vbi->packetblob[i]=&vb->opb;
+@@ -295,16 +293,20 @@ int vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi){
+ 
+   /* compressed audio packets start after the headers
+      with sequence number 3 */
+   v->sequence=3;
+ 
+   return(0);
+ }
+ 
++void vorbis_dsp_init(vorbis_dsp_state *v){
++  memset(v,0,sizeof(*v));
++}
++
+ void vorbis_dsp_clear(vorbis_dsp_state *v){
+   int i;
+   if(v){
+     vorbis_info *vi=v->vi;
+     codec_setup_info *ci=(vi?vi->codec_setup:NULL);
+     private_state *b=v->backend_state;
+ 
+     if(b){
--- a/media/libvorbis/include/vorbis/codec.h
+++ b/media/libvorbis/include/vorbis/codec.h
@@ -170,16 +170,17 @@ extern void     vorbis_comment_add(vorbi
 extern void     vorbis_comment_add_tag(vorbis_comment *vc,
 				       char *tag, char *contents);
 extern char    *vorbis_comment_query(vorbis_comment *vc, char *tag, int count);
 extern int      vorbis_comment_query_count(vorbis_comment *vc, char *tag);
 extern void     vorbis_comment_clear(vorbis_comment *vc);
 
 extern int      vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb);
 extern int      vorbis_block_clear(vorbis_block *vb);
+extern void     vorbis_dsp_init(vorbis_dsp_state *v);
 extern void     vorbis_dsp_clear(vorbis_dsp_state *v);
 extern double   vorbis_granule_time(vorbis_dsp_state *v,
 				    ogg_int64_t granulepos);
 
 /* Vorbis PRIMITIVES: analysis/DSP layer ****************************/
 
 extern int      vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi);
 extern int      vorbis_commentheader_out(vorbis_comment *vc, ogg_packet *op);
--- a/media/libvorbis/lib/vorbis_block.c
+++ b/media/libvorbis/lib/vorbis_block.c
@@ -84,18 +84,16 @@ static int ilog2(unsigned int v){
 #ifndef WORD_ALIGN
 #define WORD_ALIGN 8
 #endif
 
 int vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb){
   int i;
   memset(vb,0,sizeof(*vb));
   vb->vd=v;
-  vb->localalloc=0;
-  vb->localstore=NULL;
   if(v->analysisp){
     vorbis_block_internal *vbi=
       vb->internal=_ogg_calloc(1,sizeof(vorbis_block_internal));
     vbi->ampmax=-9999;
 
     for(i=0;i<PACKETBLOBS;i++){
       if(i==PACKETBLOBS/2){
 	vbi->packetblob[i]=&vb->opb;
@@ -295,16 +293,20 @@ int vorbis_analysis_init(vorbis_dsp_stat
 
   /* compressed audio packets start after the headers
      with sequence number 3 */
   v->sequence=3;
 
   return(0);
 }
 
+void vorbis_dsp_init(vorbis_dsp_state *v){
+  memset(v,0,sizeof(*v));
+}
+
 void vorbis_dsp_clear(vorbis_dsp_state *v){
   int i;
   if(v){
     vorbis_info *vi=v->vi;
     codec_setup_info *ci=(vi?vi->codec_setup:NULL);
     private_state *b=v->backend_state;
 
     if(b){
--- a/media/libvorbis/update.sh
+++ b/media/libvorbis/update.sh
@@ -42,8 +42,9 @@ cp $1/lib/codebook.c ./lib/vorbis_codebo
 cp $1/lib/bitrate.c ./lib/vorbis_bitrate.c
 cp $1/lib/block.c ./lib/vorbis_block.c
 cp $1/include/vorbis/codec.h ./include/vorbis/codec.h
 cp $1/todo.txt ./todo.txt
 cp $1/COPYING ./COPYING
 cp $1/README ./README
 cp $1/AUTHORS ./AUTHORS
 patch -p3 < ./alloca.diff
+patch -p3 <./bug481601.patch