Bug 481601 - Fix crash in [@ _vorbis_block_ripcord - vorbis_block_clear] - r=conrad.parker
authorChris Double <chris.double@double.co.nz>
Tue, 10 Mar 2009 13:45:09 +1300
changeset 25959 203815a88708b8ec211fb9b74a034a7ecd435f33
parent 25958 aac514561b0b3491f84bee02e4136b7fe353bf7b
child 25960 e1545d194a52d0e6e3c6b816a2197b68721a5c09
push idunknown
push userunknown
push dateunknown
reviewersconrad.parker
bugs481601
milestone1.9.2a1pre
Bug 481601 - Fix crash in [@ _vorbis_block_ripcord - vorbis_block_clear] - r=conrad.parker
media/libfishsound/README_MOZILLA
media/libfishsound/bug481601.patch
media/libfishsound/src/libfishsound/fishsound_vorbis.c
media/libfishsound/update.sh
media/libvorbis/README_MOZILLA
media/libvorbis/bug481601.patch
media/libvorbis/include/vorbis/codec.h
media/libvorbis/lib/vorbis_block.c
media/libvorbis/update.sh
--- a/media/libfishsound/README_MOZILLA
+++ b/media/libfishsound/README_MOZILLA
@@ -2,8 +2,9 @@ The source from this directory was copie
 source distribution using the update.sh script. The only changes made
 were those applied by update.sh and the addition/upate of Makefile.in
 files for the Mozilla build system.
 
 Some files are renamed during the copy to prevent clashes with object
 file names with other Mozilla libraries.
 
 endian.patch is applied to fix Bug 45269.
+bu481601.patch is applied to fix bug 481601.
new file mode 100644
--- /dev/null
+++ b/media/libfishsound/bug481601.patch
@@ -0,0 +1,23 @@
+diff --git a/media/libfishsound/src/libfishsound/fishsound_vorbis.c b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+index 0c93a35..b1efc48 100644
+--- a/media/libfishsound/src/libfishsound/fishsound_vorbis.c
++++ b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+@@ -423,16 +423,18 @@ fs_vorbis_init (FishSound * fsound)
+ 
+   fsv = fs_malloc (sizeof (FishSoundVorbisInfo));
+   if (fsv == NULL) return NULL;
+ 
+   fsv->packetno = 0;
+   fsv->finished = 0;
+   vorbis_info_init (&fsv->vi);
+   vorbis_comment_init (&fsv->vc);
++  vorbis_dsp_init (&fsv->vd);
++  vorbis_block_init (&fsv->vd, &fsv->vb);
+   fsv->pcm = NULL;
+   fsv->ipcm = NULL;
+   fsv->max_pcm = 0;
+ 
+   fsound->codec_data = fsv;
+ 
+ #if FS_ENCODE && HAVE_VORBISENC
+ 
--- a/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+++ b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
@@ -423,16 +423,18 @@ fs_vorbis_init (FishSound * fsound)
 
   fsv = fs_malloc (sizeof (FishSoundVorbisInfo));
   if (fsv == NULL) return NULL;
 
   fsv->packetno = 0;
   fsv->finished = 0;
   vorbis_info_init (&fsv->vi);
   vorbis_comment_init (&fsv->vc);
+  vorbis_dsp_init (&fsv->vd);
+  vorbis_block_init (&fsv->vd, &fsv->vb);
   fsv->pcm = NULL;
   fsv->ipcm = NULL;
   fsv->max_pcm = 0;
 
   fsound->codec_data = fsv;
 
 #if FS_ENCODE && HAVE_VORBISENC
 
--- a/media/libfishsound/update.sh
+++ b/media/libfishsound/update.sh
@@ -34,8 +34,9 @@ cp $1/src/libfishsound/private.h ./src/l
 cp $1/src/libfishsound/fs_compat.h ./src/libfishsound/fs_compat.h
 cp $1/src/libfishsound/speex.c ./src/libfishsound/fishsound_speex.c
 cp $1/src/libfishsound/encode.c ./src/libfishsound/fishsound_encode.c
 cp $1/src/libfishsound/fs_vector.h ./src/libfishsound/fs_vector.h
 cp $1/src/libfishsound/fs_vector.c ./src/libfishsound/fs_vector.c
 cp $1/src/libfishsound/convert.h ./src/libfishsound/convert.h
 cp $1/AUTHORS ./AUTHORS
 patch -p4 <endian.patch
+patch -p3 <bug481601.patch
--- a/media/libvorbis/README_MOZILLA
+++ b/media/libvorbis/README_MOZILLA
@@ -5,9 +5,9 @@ files for the Mozilla build system.
 
 Some files are renamed during the copy to prevent clashes with object
 file names with other Mozilla libraries.
 
 BUG 455372 - WinCE LibVorbis No FPU Support on WinMobile, removed FPU
 support for builds with WINCE defined.
 
 BUG 469639 - Failed to build firefox trunk on OpenSolaris
-
+bug481601.patch is appled to fix bug 481601.
new file mode 100644
--- /dev/null
+++ b/media/libvorbis/bug481601.patch
@@ -0,0 +1,66 @@
+diff --git a/media/libvorbis/include/vorbis/codec.h b/media/libvorbis/include/vorbis/codec.h
+index b23fe0a..c62b2d5 100644
+--- a/media/libvorbis/include/vorbis/codec.h
++++ b/media/libvorbis/include/vorbis/codec.h
+@@ -170,16 +170,17 @@ extern void     vorbis_comment_add(vorbis_comment *vc, char *comment);
+ extern void     vorbis_comment_add_tag(vorbis_comment *vc,
+ 				       char *tag, char *contents);
+ extern char    *vorbis_comment_query(vorbis_comment *vc, char *tag, int count);
+ extern int      vorbis_comment_query_count(vorbis_comment *vc, char *tag);
+ extern void     vorbis_comment_clear(vorbis_comment *vc);
+ 
+ extern int      vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb);
+ extern int      vorbis_block_clear(vorbis_block *vb);
++extern void     vorbis_dsp_init(vorbis_dsp_state *v);
+ extern void     vorbis_dsp_clear(vorbis_dsp_state *v);
+ extern double   vorbis_granule_time(vorbis_dsp_state *v,
+ 				    ogg_int64_t granulepos);
+ 
+ /* Vorbis PRIMITIVES: analysis/DSP layer ****************************/
+ 
+ extern int      vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi);
+ extern int      vorbis_commentheader_out(vorbis_comment *vc, ogg_packet *op);
+diff --git a/media/libvorbis/lib/vorbis_block.c b/media/libvorbis/lib/vorbis_block.c
+index 3b6f456..d7f5974 100644
+--- a/media/libvorbis/lib/vorbis_block.c
++++ b/media/libvorbis/lib/vorbis_block.c
+@@ -84,18 +84,16 @@ static int ilog2(unsigned int v){
+ #ifndef WORD_ALIGN
+ #define WORD_ALIGN 8
+ #endif
+ 
+ int vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb){
+   int i;
+   memset(vb,0,sizeof(*vb));
+   vb->vd=v;
+-  vb->localalloc=0;
+-  vb->localstore=NULL;
+   if(v->analysisp){
+     vorbis_block_internal *vbi=
+       vb->internal=_ogg_calloc(1,sizeof(vorbis_block_internal));
+     vbi->ampmax=-9999;
+ 
+     for(i=0;i<PACKETBLOBS;i++){
+       if(i==PACKETBLOBS/2){
+ 	vbi->packetblob[i]=&vb->opb;
+@@ -295,16 +293,20 @@ int vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi){
+ 
+   /* compressed audio packets start after the headers
+      with sequence number 3 */
+   v->sequence=3;
+ 
+   return(0);
+ }
+ 
++void vorbis_dsp_init(vorbis_dsp_state *v){
++  memset(v,0,sizeof(*v));
++}
++
+ void vorbis_dsp_clear(vorbis_dsp_state *v){
+   int i;
+   if(v){
+     vorbis_info *vi=v->vi;
+     codec_setup_info *ci=(vi?vi->codec_setup:NULL);
+     private_state *b=v->backend_state;
+ 
+     if(b){
--- a/media/libvorbis/include/vorbis/codec.h
+++ b/media/libvorbis/include/vorbis/codec.h
@@ -170,16 +170,17 @@ extern void     vorbis_comment_add(vorbi
 extern void     vorbis_comment_add_tag(vorbis_comment *vc,
 				       char *tag, char *contents);
 extern char    *vorbis_comment_query(vorbis_comment *vc, char *tag, int count);
 extern int      vorbis_comment_query_count(vorbis_comment *vc, char *tag);
 extern void     vorbis_comment_clear(vorbis_comment *vc);
 
 extern int      vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb);
 extern int      vorbis_block_clear(vorbis_block *vb);
+extern void     vorbis_dsp_init(vorbis_dsp_state *v);
 extern void     vorbis_dsp_clear(vorbis_dsp_state *v);
 extern double   vorbis_granule_time(vorbis_dsp_state *v,
 				    ogg_int64_t granulepos);
 
 /* Vorbis PRIMITIVES: analysis/DSP layer ****************************/
 
 extern int      vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi);
 extern int      vorbis_commentheader_out(vorbis_comment *vc, ogg_packet *op);
--- a/media/libvorbis/lib/vorbis_block.c
+++ b/media/libvorbis/lib/vorbis_block.c
@@ -84,18 +84,16 @@ static int ilog2(unsigned int v){
 #ifndef WORD_ALIGN
 #define WORD_ALIGN 8
 #endif
 
 int vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb){
   int i;
   memset(vb,0,sizeof(*vb));
   vb->vd=v;
-  vb->localalloc=0;
-  vb->localstore=NULL;
   if(v->analysisp){
     vorbis_block_internal *vbi=
       vb->internal=_ogg_calloc(1,sizeof(vorbis_block_internal));
     vbi->ampmax=-9999;
 
     for(i=0;i<PACKETBLOBS;i++){
       if(i==PACKETBLOBS/2){
 	vbi->packetblob[i]=&vb->opb;
@@ -295,16 +293,20 @@ int vorbis_analysis_init(vorbis_dsp_stat
 
   /* compressed audio packets start after the headers
      with sequence number 3 */
   v->sequence=3;
 
   return(0);
 }
 
+void vorbis_dsp_init(vorbis_dsp_state *v){
+  memset(v,0,sizeof(*v));
+}
+
 void vorbis_dsp_clear(vorbis_dsp_state *v){
   int i;
   if(v){
     vorbis_info *vi=v->vi;
     codec_setup_info *ci=(vi?vi->codec_setup:NULL);
     private_state *b=v->backend_state;
 
     if(b){
--- a/media/libvorbis/update.sh
+++ b/media/libvorbis/update.sh
@@ -42,8 +42,9 @@ cp $1/lib/codebook.c ./lib/vorbis_codebo
 cp $1/lib/bitrate.c ./lib/vorbis_bitrate.c
 cp $1/lib/block.c ./lib/vorbis_block.c
 cp $1/include/vorbis/codec.h ./include/vorbis/codec.h
 cp $1/todo.txt ./todo.txt
 cp $1/COPYING ./COPYING
 cp $1/README ./README
 cp $1/AUTHORS ./AUTHORS
 patch -p3 < ./alloca.diff
+patch -p3 <./bug481601.patch