From: Matthias Welwarsky
Date: Mon, 22 Jul 2002 07:14:57 +0000
To: kde-devel
Subject: Re: bug in arts
X-MARC-Message: https://marc.info/?l=kde-devel&m=102732229804351

On Sunday 21 July 2002 22:33, Dan Stone wrote:
>
> It seems that the spec for the ov_read_float() function (in libvorbis'
> vorbisfile.c) changed from rc3 to the 1.0 release. It used to be:
> long ov_read_float(OggVorbis_File *vf,float ***pcm_channels,int *bitstream)
>
> and it now is:
> long ov_read_float(OggVorbis_File *vf,float ***pcm_channels,int length,int *bitstream)
>
> From reading the spec provided with the source, it seems that 'length' is
> the maximum amount of samples you want back from the read...I can't figure
> out why you'd want to limit this, but maybe someone with more knowledge of
> the aRts server could comment on that...once that's nailed down, seems like
> a quick fix. I just set 'length' to an insanely large number, and it
> compiled fine =P

... and you created a fine buffer overflow by doing so. The ov_read_float will
now probably write an insane amount of samples into your sample buffer
(pcm_channels), no matter how long it actually was.

regards,
matze

--
Matthias Welwarsky
Fachschaft Informatik FH Darmstadt
Email: matze@stud.fbi.fh-darmstadt.de

"all software sucks equally, but some software is more equal"
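
An added example, not part of the thread and not aRts or libvorbis code: a caller that passes its own buffer capacity as the 'length' limit and checks the returned count before copying. `fake_read_float`, `fill_buffer` and `fill_buffer_bounded` are hypothetical names; the stand-in decoder only mirrors the parameter shape of the 1.0 signature quoted above so the block runs without libvorbis.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CHANNELS 2
#define DECODER_FRAMES 4096 /* constructed: frames the stand-in has ready */

/* Hypothetical stand-in decoder (assumption, not libvorbis): hands back
 * pointers to its own per-channel data and returns at most 'length' frames. */
static float dec_buf[CHANNELS][DECODER_FRAMES];
static float *dec_ptrs[CHANNELS] = { dec_buf[0], dec_buf[1] };

static long fake_read_float(float ***pcm_channels, int length)
{
    if (length <= 0)
        return 0;
    *pcm_channels = dec_ptrs;
    return length < DECODER_FRAMES ? length : DECODER_FRAMES;
}

/* dst is planar: CHANNELS blocks of dst_frames floats each.
 * Returns frames copied, or -1 if the decoder returned more than dst holds. */
long fill_buffer(float *dst, size_t dst_frames, int request)
{
    float **pcm = NULL;
    long got = fake_read_float(&pcm, request);
    if (got <= 0)
        return got;                 /* end of data or decoder error */
    if ((size_t)got > dst_frames)
        return -1;                  /* refuse to copy past the destination */
    for (int c = 0; c < CHANNELS; c++)
        memcpy(dst + (size_t)c * dst_frames, pcm[c], (size_t)got * sizeof(float));
    return got;
}

/* Bounded call: the limit passed as 'length' is the destination capacity. */
long fill_buffer_bounded(float *dst, size_t dst_frames)
{
    int request = dst_frames > (size_t)INT_MAX ? INT_MAX : (int)dst_frames;
    return fill_buffer(dst, dst_frames, request);
}

int main(void)
{
    float out[CHANNELS * 256];
    printf("bounded request: %ld\n", fill_buffer_bounded(out, 256));
    printf("huge request:    %ld\n", fill_buffer(out, 256, INT_MAX));
    return 0;
}
```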