Fix crashes with fuzzed Ogg files. (CVE-2008-3231)

--HG--
extra : transplant_source : %9F%E8R%D8%94R%9CJ%7F%5E%A7%DB%29%0DK%CD%CA%AD%7F%08

2 files changed, 9 insertions, 1 deletions

diff --git a/ChangeLog b/ChangeLog
index b3dc760ff..0482c3b93 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 xine-lib (1.1.15) 2008-??-??
+  * Security fixes:
+    - Fix crashes with corrupted Ogg files. (CVE-2008-3231)
   * Use external ffmpeg by default.
   * V4L: Don't segfault if asked for an input that doesn't exist
   * Recognise AMR audio (normally found in 3GP files).
diff --git a/src/demuxers/demux_ogg.c b/src/demuxers/demux_ogg.c
index 2cbba982f..9e9de45aa 100644
--- a/src/demuxers/demux_ogg.c
+++ b/src/demuxers/demux_ogg.c
@@ -1357,7 +1357,7 @@ static void send_header (demux_ogg_t *this) {
   this->ignore_keyframes = 0;
 
   while (!done) {
-    if (!read_ogg_packet(this)) {
+    if (!read_ogg_packet(this) || !this->og.header || !this->og.body) {
       return;
     }
     /* now we've got at least one new page */
@@ -1483,6 +1483,12 @@ static int demux_ogg_send_chunk (demux_plugin_t *this_gen) {
     return this->status;
   }
 
+  if (!this->og.header || !this->og.body) {
+    this->status = DEMUX_FINISHED;
+    lprintf ("EOF\n");
+    return this->status;
+  }
+
   /* now we've got one new page */
 
   cur_serno = ogg_page_serialno (&this->og);