diff options
| author | Andrew Productengine <adyukov@productengine.com> | 2010-10-25 18:56:04 +0300 |
|---|---|---|
| committer | Andrew Productengine <adyukov@productengine.com> | 2010-10-25 18:56:04 +0300 |
| commit | 158bfc563b018ba4e0068ff4202f6d2ad1001aa1 (patch) | |
| tree | 654e127b4e2e9f9e457e7f7667ae1121f6f89283 /indra/llaudio | |
| parent | de6f7e19c44d267d3224c56941c2ab27677c406f (diff) | |
STORM-95 FIXED Fixed hanging of client when incorrect WAV file was passed.
As Aimee has found: "The data chunk of nexfire.wav has an incorrect length specified in its header which we blindly trust when reading
the file in check_for_invalid_wav_formats() in llvorbisencode.cpp. It causes an overflow of the file position pointer when reading the file which makes
it start over from the beginning, hanging it in an infinite loop."
- To avoid this situation in future, check for chunk size was added, and if it is declared bigger then it may be, function is interrupted and returns error.
Diffstat (limited to 'indra/llaudio')
| -rw-r--r-- | indra/llaudio/llvorbisencode.cpp | 7 | ||||
| -rw-r--r-- | indra/llaudio/llvorbisencode.h | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/indra/llaudio/llvorbisencode.cpp b/indra/llaudio/llvorbisencode.cpp index 9f479189d7..0e0c80a456 100644 --- a/indra/llaudio/llvorbisencode.cpp +++ b/indra/llaudio/llvorbisencode.cpp @@ -120,6 +120,13 @@ S32 check_for_invalid_wav_formats(const std::string& in_fname, std::string& erro + ((U32) wav_header[5] << 8) + wav_header[4]; + if (chunk_length > physical_file_size - file_pos - 4) + { + infile.close(); + error_msg = "SoundFileInvalidChunkSize"; + return(LLVORBISENC_CHUNK_SIZE_ERR); + } + // llinfos << "chunk found: '" << wav_header[0] << wav_header[1] << wav_header[2] << wav_header[3] << "'" << llendl; if (!(strncmp((char *)&(wav_header[0]),"fmt ",4))) diff --git a/indra/llaudio/llvorbisencode.h b/indra/llaudio/llvorbisencode.h index d33aacf1ea..6b22a2cb59 100644 --- a/indra/llaudio/llvorbisencode.h +++ b/indra/llaudio/llvorbisencode.h @@ -38,6 +38,7 @@ const S32 LLVORBISENC_MULTICHANNEL_ERR = 7; // can't do stereo const S32 LLVORBISENC_UNSUPPORTED_SAMPLE_RATE = 8; // unsupported sample rate const S32 LLVORBISENC_UNSUPPORTED_WORD_SIZE = 9; // unsupported word size const S32 LLVORBISENC_CLIP_TOO_LONG = 10; // source file is too long +const S32 LLVORBISENC_CHUNK_SIZE_ERR = 11; // chunk size is wrong const F32 LLVORBIS_CLIP_MAX_TIME = 10.0f; const U8 LLVORBIS_CLIP_MAX_CHANNELS = 2; |