vss: Avoid read-overflowing the header buffer for ogg streams.
valgrind complains because of invalid reads/writes in vss.c:
==998== Invalid write of size 1
==998== at 0x8050B09: vss_post_select (vss.c:574)
==998== by 0x806106C: schedule (sched.c:71)
==998== by 0x804EE04: main (server.c:579)
==998== Address 0x46d99bc is 0 bytes after a block of size 548 alloc'd
==998== at 0x4028A3B: realloc (vg_replace_malloc.c:632)
==998== by 0x805356B: para_realloc (string.c:40)
==998== by 0x80506EC: vss_post_select (vss.c:331)
==998== by 0x806106C: schedule (sched.c:71)
==998== by 0x804EE04: main (server.c:579)
==998==
...
==5543== Invalid read of size 1
==5543== at 0x8050EBD: vss_post_select (vss.c:1099)
==5543== by 0x806108E: schedule (sched.c:71)
==5543== by 0x804EE04: main (server.c:579)
==5543== Address 0x47c70ac is 0 bytes after a block of size 3,956 alloc'd
==5543== at 0x4028A3B: realloc (vg_replace_malloc.c:632)
==5543== by 0x805358D: para_realloc (string.c:40)
==5543== by 0x80642AA: add_ogg_page (ogg_afh.c:78)
==5543== by 0x8064458: vorbis_get_header_callback (ogg_afh.c:132)
==5543== by 0x8063EF1: process_ogg_packets (ogg_afh_common.c:48)
==5543== by 0x8063F9A: ogg_get_file_info (ogg_afh_common.c:144)
==5543== by 0x8064200: vorbis_get_header (ogg_afh.c:149)
==5543== by 0x804FDD9: recv_afs_result (vss.c:1006)
==5543== by 0x80503F4: vss_post_select (vss.c:1124)
==5543== by 0x806108E: schedule (sched.c:71)
==5543== by 0x804EE04: main (server.c:579)
The problem is that for ogg streams chunk 0 points to a buffer on
the heap rather than to the mapped audio file, but we are checking
the buffer bounds against the memory map.
The fix consists of two parts. (a) We now treat a FEC group special
if it starts at chunk zero: Such a group now contains only this single
chunk. (b) When setting up the FEC group we always compare the buffer
bounds against the start of the first buffer in the group rather than
the memory map.
projects / paraslash.git / commit