Commit Graph

84 Commits

Author SHA1 Message Date
Sean Barrett 98fdfc6df8 Fix seven bugs discovered and fixed by ForAllSecure:
CVE-2019-13217: heap buffer overflow in start_decoder()
CVE-2019-13218: stack buffer overflow in compute_codewords()
CVE-2019-13219: uninitialized memory in vorbis_decode_packet_rest()
CVE-2019-13220: out-of-range read in draw_line()
CVE-2019-13221: issue with large 1D codebooks in lookup1_values()
CVE-2019-13222: unchecked NULL returned by get_window()
CVE-2019-13223: division by zero in predict_point()
2019-08-09 04:05:22 -07:00
Sean Barrett 2c2908f505 update version numbers 2019-03-04 15:08:53 -08:00
Sean Barrett a0b521fcf2 no warnings when compiling /W3
compiling all test cases and compilers in test.sbm
   Compilers:
     32-bit:
       VS2015
       VS2013
       VS2008
       VC6 (1998)
       clang-cl 9.0.1
     64-bit
       VS2015
       clang-cl 9.0.1
2019-03-04 14:45:06 -08:00
Sean Barrett 63b59b46b0 update version numbers 2019-02-07 10:03:00 -08:00
Kevin Croft d1dc3fe89c Fix return typo, disambiguate else, and check for the complete fishead identifier 2019-02-07 08:43:59 -08:00
Kevin Croft 604b9367ee Add detection for Ogg skeleton metadata 2019-02-07 08:43:59 -08:00
luz.paz 622b3adad3 Misc. comment typos
Found via `codespell -q 3`
2018-02-12 14:54:22 -05:00
Sean Barrett ac66307576 docs 2018-02-11 11:41:20 -08:00
Sean Barrett b79c8458d3 stb_vorbis: avoid NaN due to uninitialized variable 2018-02-11 11:29:53 -08:00
Sean Barrett a77d9213e4 stb_vorbis: no dealloca 2018-02-01 03:53:17 -08:00
Sean Barrett 663deb3a43 redo lost stb_vorbis fixes 2018-01-29 15:20:54 -08:00
Sean Barrett dfff6f5e7c stb_image: fix assert macro usage; stb_vorbis: changelog 2018-01-29 13:15:10 -08:00
Sean Barrett ee0ebfc79b version numbers 2018-01-29 04:59:32 -08:00
Sean Barrett 244d83bc3d fix unchecked length in stb_vorbis that could crash on corrupt/invalid files 2018-01-29 02:23:18 -08:00
Sean Barrett dd039e8cc5 credits for mingw fixes in #444 2017-07-23 14:13:07 -07:00
Sean Barrett 3b232a3ff7 Merge branch 'master' of https://github.com/Infatum/stb into dev 2017-07-23 14:10:17 -07:00
Sean Barrett 555efbedfc Update version numbers 2017-07-23 14:09:39 -07:00
Fabian Giesen 2da81a6433 stb_vorbis: MinGW has alloca defined in malloc.h.
Fixes issue #461.
2017-07-22 14:39:52 -07:00
Infatum 4963448726 fix: Build on MinGW32 2017-04-20 15:49:36 +03:00
Sean Barrett e248e30954 change license to public-domain AND mit (based on twitter vote) 2017-03-03 07:53:07 -08:00
Sean Barrett f88e2a8e7b update version 2017-03-03 06:58:14 -08:00
Sean Barrett 46046238b8 rename Point data structure as suggested in pull request 2017-03-03 06:54:11 -08:00
Sean Barrett c88489549d Merge branch 'avoid-name-clash' of https://github.com/jlnr/stb into working 2017-03-03 06:51:37 -08:00
Sean Barrett f9a83c0ae1 Merge branch 'master' of https://github.com/alxprd/stb into working 2017-03-03 06:50:32 -08:00
Sean Barrett 66fdbaaa87 Merge branch 'fix_vorbis_ilog' of https://github.com/rygorous/stb into working 2017-03-03 06:48:48 -08:00
Sean Barrett d2de2be10f vorbis: propagate errors better on seek failure (e.g. when coarse seek fails) 2017-03-03 05:48:37 -08:00
Julian Raschke a055654ee3 Rename Point to stbv__point 2016-12-27 11:18:26 +01:00
Alejandro Pereda 3f36b29589 Overwrites error parameter in stb_vorbis_open_memory when there is no error. This avoid confusion due to previous values. 2016-12-26 16:01:50 +01:00
Fabian Giesen f32854c809 stb_vorbis: Fix handling of negative numbers in ilog.
For negative n, the original code went down the "n < (1<<4)"
path and performed an out-of-bounds array access. Fix the code
to agree with section 9.2.1 of the Vorbis spec. (Verified by
exhaustive testing of all 32-bit ints.)

Fixes issue #355.
2016-10-22 00:26:09 -07:00
Sean Barrett 14e6a98469 clarify alloca #include whitelists 2016-08-27 12:10:46 -07:00
Sean Barrett f4938bfa4d Whitelist the compilers that need malloc.h for alloca 2016-08-27 12:09:01 -07:00
Sean Barrett 4c519106a7 back out previous change to stb_vorbis (truncation of last frame in corrupt file) 2016-04-04 18:39:30 -07:00
Sean Barrett 6e4154737c update version numbers, documentation, and contributors 2016-04-02 04:51:26 -07:00
Sean Barrett b03133000a avoid dropping final frame of audio data due to wrong test 2016-04-02 04:20:36 -07:00
Sean Barrett 92bd7a49a8 emscripten needs explicit alloca as well 2016-04-02 03:57:17 -07:00
Sean Barrett 75c5908f95 fix includes for linux alloca 2016-04-02 03:44:50 -07:00
Jörn Heusipp aeba55604a stb_vorbis: Fix memory leak in start_decoder(). 2016-04-02 03:44:37 -07:00
Sean Barrett 8f368799e1 Merge branch 'for-upstream-stbvorbis-fix-memleaks' of https://github.com/manxorist/stb 2016-04-02 02:58:19 -07:00
Sean Barrett ba1277e39c Merge branch 'fix_warnings' of https://github.com/tgoulart/stb into working 2016-04-02 02:54:53 -07:00
Jörn Heusipp 0985e89335 stb_vorbis: Fix memory leak in decode_residue() and inverse_mdct() when redefining temp_alloc() and temp_free()
temp_alloc() and temp_free() are documented as customization points in section "MEMORY ALLOCATION" (stb_vorbis.c:81).
However, in decode_residue() and inverse_mdct() (via temp_block_array() and temp_alloc() respectively), stb_vorbis allocates temporary memory but does not call temp_free() when finished. It does call temp_alloc_restore() though, but there is no sane way to provide an implementation thereof when using a malloc()/free()-like allocation backend.

Adding calls to temp_free() before the respective calls to temp_alloc_restore() is safe, because in case of a non-empty temp_alloc_restore() implementation, temp_free() would simply be implemented empty (the current implementation of temp_*() is fine in this regard). That way, all possible temporary memory allocation schemes (i.e. alloca(), custom provided alloc_buffer, malloc()) are handled properly.

Add the appropriate temp_free() calls.
2016-03-17 09:23:45 +01:00
Thiago Goulart 5a00ce39eb Fix a few warnings when building std_vorbis using Xcode 7.2.1 2016-03-02 00:50:40 -08:00
Craig Donner ee6978cb68 Slightly modify the public domain license to keep it in the public domain, but make it clear that even when dedications might not be recognized that the code is still usable. Given that this isn't dual-licensing under a different license, I'm hoping this will be acceptable. 2016-02-25 12:55:44 -08:00
Sean Barrett 79f29bafff fix previous stb_vorbis check-in that didn't actually compile;
make stb_vorbis_alloc* parameter in APIs be const
2016-01-16 09:48:01 -08:00
Sean Barrett 3560e553e8 stb_vorbis version history and contributor info 2016-01-16 07:42:24 -08:00
Sean Barrett e9e5dd94b8 Merge branch 'vorbis-pedantic' of https://github.com/rohit-n/stb into working 2016-01-16 07:35:10 -08:00
Sean Barrett 95e954c822 const correctness for pushdata API;
minor tweak to get_samples_interleaved documentation
2016-01-16 07:26:16 -08:00
Sean Barrett 0860860af6 avoid __forceinline in mingw since their definition for C is broken;
dummy definitions for malloc et al (note you have to modify source to make this work though anyway);
tweak credits change;
2016-01-16 07:19:27 -08:00
Sean Barrett 2b57ea95da fixed version of removed support for CODEBOOK_SHORTS 2015-11-08 19:16:25 -08:00
Sean Barrett fe74a8c223 broken attempt at removign STB_VORBIS_CODEBOOK_FLOAT option 2015-11-08 19:13:32 -08:00
Sean Barrett bc2219e1b3 fix multiple crashes on invalid files 2015-11-08 16:22:07 -08:00