xiph / vorbis-tools

Command-line tools for creating and playing Ogg Vorbis files.
GNU General Public License v2.0

Incorrect check in vcut.c and possible out-of-range array index #24

Open Alpt opened 4 years ago

Alpt commented 4 years ago

In vcut.c submit_headers_to_stream, the following is done:

    for(i=0;i<4;i++)
    {
        ogg_packet p;
        if(i < 4) { /* a header packet */
           take vs->headers[i]
        } else {
           take  vs->last_packet
        }

i < 4 is always true, so the else branch is never executed. Also, vs->headers is declared as follows: vcut_packet headers[3]; So, vs->headers[3] is out of range.
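The loop pattern reported above, as an added example that is not part of the original issue or of vorbis-tools: it walks the four iterations with the check value 4 from the issue and with 3, guarding the array access so the out-of-range index is counted rather than dereferenced. The types and function names are hypothetical stand-ins; only the array size 3 and the loop bound 4 come from the issue, and using 3 as the corrected check is an assumption based on the else branch taking last_packet.

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_HEADERS 3 /* from the issue: vcut_packet headers[3] */
#define NUM_PACKETS 4 /* from the issue: for(i=0;i<4;i++) */

/* Hypothetical stand-ins for the vcut types. */
typedef struct { const unsigned char *data; size_t len; } packet_t;
typedef struct { packet_t headers[NUM_HEADERS]; packet_t last_packet; } stream_t;
typedef struct { int out_of_range; int used_last_packet; } walk_result;

static stream_t sample_stream; /* constructed, zero-initialised sample */

/* Pick the packet for iteration i. header_limit is the constant used in the
 * "is this a header packet" check. Returns NULL where the unguarded code
 * would index past the end of headers[]. */
static const packet_t *pick_packet(const stream_t *vs, int i, int header_limit)
{
    if (i < header_limit) {
        if (i < 0 || i >= NUM_HEADERS)
            return NULL; /* this is the headers[3] case */
        return &vs->headers[i];
    }
    return &vs->last_packet;
}

/* Run the four iterations and record what each one would have touched. */
walk_result walk_packets(int header_limit)
{
    walk_result r = {0, 0};
    for (int i = 0; i < NUM_PACKETS; i++) {
        const packet_t *p = pick_packet(&sample_stream, i, header_limit);
        if (p == NULL)
            r.out_of_range++;
        else if (p == &sample_stream.last_packet)
            r.used_last_packet = 1;
    }
    return r;
}

int main(void)
{
    walk_result reported = walk_packets(4);          /* check as quoted in the issue */
    walk_result assumed = walk_packets(NUM_HEADERS); /* assumed intent */
    printf("i < 4: out_of_range=%d used_last_packet=%d\n",
           reported.out_of_range, reported.used_last_packet);
    printf("i < 3: out_of_range=%d used_last_packet=%d\n",
           assumed.out_of_range, assumed.used_last_packet);
    return 0;
}
```
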

Alpt commented 4 years ago

This issue was already mentioned in pull request https://github.com/xiph/vorbis-tools/pull/23