From 158bfc563b018ba4e0068ff4202f6d2ad1001aa1 Mon Sep 17 00:00:00 2001 From: Andrew Productengine Date: Mon, 25 Oct 2010 18:56:04 +0300 Subject: STORM-95 FIXED Fixed hanging of client when incorrect WAV file was passed. As Aimee has found: "The data chunk of nexfire.wav has an incorrect length specified in its header which we blindly trust when reading the file in check_for_invalid_wav_formats() in llvorbisencode.cpp. It causes an overflow of the file position pointer when reading the file which makes it start over from the beginning, hanging it in an infinite loop." - To avoid this situation in future, check for chunk size was added, and if it is declared bigger then it may be, function is interrupted and returns error. --- indra/llaudio/llvorbisencode.cpp | 7 +++++++ indra/llaudio/llvorbisencode.h | 1 + 2 files changed, 8 insertions(+) (limited to 'indra/llaudio') diff --git a/indra/llaudio/llvorbisencode.cpp b/indra/llaudio/llvorbisencode.cpp index 9f479189d7..0e0c80a456 100644 --- a/indra/llaudio/llvorbisencode.cpp +++ b/indra/llaudio/llvorbisencode.cpp @@ -120,6 +120,13 @@ S32 check_for_invalid_wav_formats(const std::string& in_fname, std::string& erro + ((U32) wav_header[5] << 8) + wav_header[4]; + if (chunk_length > physical_file_size - file_pos - 4) + { + infile.close(); + error_msg = "SoundFileInvalidChunkSize"; + return(LLVORBISENC_CHUNK_SIZE_ERR); + } + // llinfos << "chunk found: '" << wav_header[0] << wav_header[1] << wav_header[2] << wav_header[3] << "'" << llendl; if (!(strncmp((char *)&(wav_header[0]),"fmt ",4))) diff --git a/indra/llaudio/llvorbisencode.h b/indra/llaudio/llvorbisencode.h index d33aacf1ea..6b22a2cb59 100644 --- a/indra/llaudio/llvorbisencode.h +++ b/indra/llaudio/llvorbisencode.h @@ -38,6 +38,7 @@ const S32 LLVORBISENC_MULTICHANNEL_ERR = 7; // can't do stereo const S32 LLVORBISENC_UNSUPPORTED_SAMPLE_RATE = 8; // unsupported sample rate const S32 LLVORBISENC_UNSUPPORTED_WORD_SIZE = 9; // unsupported word size const S32 LLVORBISENC_CLIP_TOO_LONG = 10; // source file is too long +const S32 LLVORBISENC_CHUNK_SIZE_ERR = 11; // chunk size is wrong const F32 LLVORBIS_CLIP_MAX_TIME = 10.0f; const U8 LLVORBIS_CLIP_MAX_CHANNELS = 2; -- cgit v1.2.3