diff --git a/Brewfile b/Brewfile new file mode 100644 index 0000000..af81e5b --- /dev/null +++ b/Brewfile @@ -0,0 +1,3 @@ +brew 'doxygen' +brew 'libogg' +brew 'xz' diff --git a/Makefile.am b/Makefile.am index c35131a..3feaf72 100644 --- a/Makefile.am +++ b/Makefile.am @@ -26,7 +26,7 @@ EXTRA_DIST = \ vorbisenc-uninstalled.pc.in \ vorbisfile-uninstalled.pc.in \ symbian \ - macosx win32 + macosx win32 CMakeLists.txt DISTCHECK_CONFIGURE_FLAGS = --enable-docs diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh new file mode 100755 index 0000000..29e7f38 --- /dev/null +++ b/contrib/oss-fuzz/build.sh @@ -0,0 +1,23 @@ +#!/bin/bash -eu + +pushd $SRC +mv people.xiph.org/*.ogg decode_corpus/ +zip -r "$OUT/decode_fuzzer_seed_corpus.zip" decode_corpus/ +popd + +pushd $SRC/ogg +./autogen.sh +./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc +make clean +make -j$(nproc) +make install +popd + + +./autogen.sh +./configure --prefix="$WORK" --enable-static --disable-shared +make clean +make -j$(nproc) +make install + +$CXX $CXXFLAGS $SRC/vorbis/contrib/oss-fuzz/decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" -lFuzzingEngine -lvorbisfile -lvorbis -logg diff --git a/contrib/oss-fuzz/decode_fuzzer.cc b/contrib/oss-fuzz/decode_fuzzer.cc new file mode 100644 index 0000000..b8840c1 --- /dev/null +++ b/contrib/oss-fuzz/decode_fuzzer.cc @@ -0,0 +1,48 @@ +#include +#include +#include +#include + +struct vorbis_data { + const uint8_t *current; + const uint8_t *data; + size_t size; +}; + +size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) { + vorbis_data* vd = (vorbis_data *)(datasource); + size_t len = size1 * size2; + if (vd->current + len > vd->data + vd->size) { + len = vd->data + vd->size - vd->current; + } + memcpy(ptr, vd->current, len); + vd->current += len; + return len; +} + + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { + ov_callbacks memory_callbacks = {0}; + memory_callbacks.read_func = read_func; + vorbis_data data_st; + data_st.size = Size; + data_st.current = Data; + data_st.data = Data; + OggVorbis_File vf; + int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks); + if (result < 0) { + return 0; + } + int current_section = 0; + int eof = 0; + char buf[4096]; + int read_result; + while (!eof) { + read_result = ov_read(&vf, buf, sizeof(buf), 0, 2, 1, ¤t_section); + if (read_result != OV_HOLE && read_result <= 0) { + eof = 1; + } + } + ov_clear(&vf); + return 0; +} diff --git a/lib/Makefile.am b/lib/Makefile.am index cd5afdf..e22895e 100644 --- a/lib/Makefile.am +++ b/lib/Makefile.am @@ -35,7 +35,7 @@ psytune_SOURCES = psytune.c psytune_LDFLAGS = -static psytune_LDADD = libvorbis.la -EXTRA_DIST = lookups.pl +EXTRA_DIST = lookups.pl CMakeLists.txt # build and run the self tests on 'make check' diff --git a/lib/info.c b/lib/info.c index 3fbb7c7..23efa25 100644 --- a/lib/info.c +++ b/lib/info.c @@ -203,6 +203,7 @@ void vorbis_info_clear(vorbis_info *vi){ static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){ codec_setup_info *ci=vi->codec_setup; + int bs; if(!ci)return(OV_EFAULT); vi->version=oggpack_read(opb,32); @@ -215,8 +216,12 @@ static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){ vi->bitrate_nominal=(ogg_int32_t)oggpack_read(opb,32); vi->bitrate_lower=(ogg_int32_t)oggpack_read(opb,32); - ci->blocksizes[0]=1<blocksizes[1]=1<blocksizes[0]=1<blocksizes[1]=1<rate<1)goto err_out; if(vi->channels<1)goto err_out; diff --git a/lib/os.h b/lib/os.h index 416a401..e098926 100644 --- a/lib/os.h +++ b/lib/os.h @@ -120,7 +120,7 @@ static inline int vorbis_ftoi(double f){ /* yes, double! Otherwise, /* MSVC inline assembly. 32 bit only; inline ASM isn't implemented in the * 64 bit compiler and doesn't work on arm. */ #if defined(_MSC_VER) && !defined(_WIN64) && \ - !defined(_WIN32_WCE) && !defined(_M_ARM) + !defined(_WIN32_WCE) && !defined(_M_ARM) && !defined(_M_ARM64) # define VORBIS_FPU_CONTROL typedef ogg_int16_t vorbis_fpu_control; diff --git a/lib/psy.c b/lib/psy.c index 422c6f1..1310123 100644 --- a/lib/psy.c +++ b/lib/psy.c @@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, for (i = 0, x = 0.f;; i++, x += 1.f) { lo = b[i] >> 16; - if( lo>=0 ) break; hi = b[i] & 0xffff; + if( lo>=0 ) break; + if( hi>=n ) break; tN = N[hi] + N[-lo]; tX = X[hi] - X[-lo]; diff --git a/lib/sharedbook.c b/lib/sharedbook.c index 4545d4f..8d73daa 100644 --- a/lib/sharedbook.c +++ b/lib/sharedbook.c @@ -62,7 +62,15 @@ float _float32_unpack(long val){ int sign=val&0x80000000; long exp =(val&0x7fe00000L)>>VQ_FMAN; if(sign)mant= -mant; - return(ldexp(mant,exp-(VQ_FMAN-1)-VQ_FEXP_BIAS)); + exp=exp-(VQ_FMAN-1)-VQ_FEXP_BIAS; + /* clamp excessive exponent values */ + if (exp>63){ + exp=63; + } + if (exp<-63){ + exp-63; + } + return(ldexp(mant,exp)); } /* given a list of word lengths, generate a list of codewords. Works diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c index 4a4607c..64a51b5 100644 --- a/lib/vorbisenc.c +++ b/lib/vorbisenc.c @@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ highlevel_encode_setup *hi=&ci->hi; if(ci==NULL)return(OV_EINVAL); + if(vi->channels<1||vi->channels>255)return(OV_EINVAL); if(!hi->impulse_block_p)i0=1; /* too low/high an ATH floater is nonsensical, but doesn't break anything */ @@ -1210,7 +1211,7 @@ int vorbis_encode_ctl(vorbis_info *vi,int number,void *arg){ hi->req, hi->managed, &new_base); - if(!hi->setup)return OV_EIMPL; + if(!new_template)return OV_EIMPL; hi->setup=new_template; hi->base_setting=new_base; vorbis_encode_setup_setting(vi,vi->channels,vi->rate);