vorbis-tools icon indicating copy to clipboard operation
vorbis-tools copied to clipboard

Published 20 hours ago verified publisher icon xiph

Incorrect check in vcut.c and possible out-of-range array index

Open Alpt opened this issue 5 years ago • 1 comments

In vcut.c submit_headers_to_stream, the following is done:

    for(i=0;i<4;i++)
    {
        ogg_packet p;
        if(i < 4) { /* a header packet */
           take vs->headers[i]
        } else {
           take  vs->last_packet
        }

i < 4 is always true, so the else branch is never executed. Also, vs->headers is declared as follow: vcut_packet headers[3]; So, vs->headers[3] is out of range.

Alpt avatar Apr 16 '20 10:04 Alpt

This issue was already mentioned in pull request https://github.com/xiph/vorbis-tools/pull/23

Alpt avatar Apr 17 '20 10:04 Alpt