List: kde-devel
Subject: Re: bug in arts
From: Matthias Welwarsky <matze () stud ! fbi ! fh-darmstadt ! de>
Date: 2002-07-22 7:14:57
On Sunday 21 July 2002 22:33, Dan Stone wrote:
>
> It seems that the spec for the ov_read_float() function (in libvorbis'
> vorbisfile.c) changed from rc3 to the 1.0 release. It used to be:
> long ov_read_float(OggVorbis_File *vf,float ***pcm_channels,int *bitstream)
>
> and it now is:
> long ov_read_float(OggVorbis_File *vf,float ***pcm_channels,int length,int *bitstream)
>
> From reading the spec provided with the source, it seems that 'length' is
> the maximum amount of samples you want back from the read...I can't figure
> out why you'd want to limit this, but maybe someone with more knowledge of
> the aRts server could comment on that...once that's nailed down, seems like
> a quick fix. I just set 'length' to an insanely large number, and it
> compiled fine =P
... and you created a fine buffer overflow by doing so. The ov_read_float will
now probably write an insane amount of samples into your sample buffer
(pcm_channels), no matter how long it actually was.
regards,
matze
--
Matthias Welwarsky
Fachschaft Informatik FH Darmstadt
Email: matze@stud.fbi.fh-darmstadt.de
"all software sucks equally, but some software is more equal"
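
An added example, not part of the original thread and not aRts or libvorbis code: it shows why the `length` argument has to be derived from the room left in the caller's sample buffer rather than set to an arbitrarily large value. `fake_read_float` is a hypothetical stand-in for a decoder read that takes `length`, and the buffer sizes and other names are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define SRC_SAMPLES 4096   /* constructed: samples left in the stand-in stream */
#define CHUNK 1024         /* assumed per-call request size */

static float src[SRC_SAMPLES];   /* decoder-owned sample memory */
static size_t src_pos;

/* Hypothetical stand-in for a decoder read that takes `length`: hands back
 * at most `length` samples through *pcm and returns the count (0 at EOF). */
static long fake_read_float(float **pcm, int length)
{
    size_t left = SRC_SAMPLES - src_pos;
    size_t n;
    if (length <= 0) return 0;
    n = (size_t)length < left ? (size_t)length : left;
    *pcm = src + src_pos;
    src_pos += n;
    return (long)n;
}

/* Samples one read returns beyond a destination of `cap` samples.
 * Nothing is copied; this only measures what an unchecked copy would overrun. */
size_t excess_for_length(size_t cap, int length)
{
    float *pcm;
    long got;
    src_pos = 0;
    got = fake_read_float(&pcm, length);
    return (size_t)got > cap ? (size_t)got - cap : 0;
}

/* Fill dst (capacity `cap` samples), requesting only what still fits. */
size_t fill_bounded(float *dst, size_t cap)
{
    size_t have = 0;
    while (have < cap) {
        float *pcm;
        size_t room = cap - have;
        long got = fake_read_float(&pcm, (int)(room > CHUNK ? CHUNK : room));
        if (got <= 0) break;               /* EOF or error */
        memcpy(dst + have, pcm, (size_t)got * sizeof *dst);
        have += (size_t)got;
    }
    return have;
}
```
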