Ubuntu
vorbis-tools package

oggenc fails when using '--advanced-encode-option disable_coupling' switch and CBR encoding

Bug #948459 reported by eenechuwahxi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvorbis (Ubuntu)
Confirmed
Undecided
Unassigned
Xenial
Fix Released
Undecided
Unassigned
vorbis-tools (Ubuntu)
New
Undecided
Unassigned

Bug Description

Running the following command line in a shell (with in.wav being a commong 16bit 44,1KHz wave file):

oggenc -b 80 -m 80 -M 80 --advanced-encode-option disable_coupling -o out.ogg in.wav

I get the following output:

Mise en route du mécanisme de gestion du débit
Ouverture avec le module wav : WAV file reader
Encodage de "stereo.wav"
         en "out.ogg"
en utilisant la gestion du débit (min 80 kbps, max 80 kbps)
Setting advanced encoder option "disable_coupling"
Erreur de segmentation

Without the '--advanced-encode-option disable_coupling' switch, encoding works as usual.

More about my setup:
Ubuntu 10.10 amd64 (all packages up to date)
vorbis-tools 1.4.0

More information available on demand, this is the first time I file a bug here.

Revision history for this message
Martin Steghöfer (martin-steghoefer) wrote :

I can confirm this with vorbis-tools/1.4.0-6 (in Debian unstable), so I've forwarded this bug report to Debian: https://bugs.debian.org/772877

As soon as I have a little more time, I will look into this.

Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

This bug was fixed in the package libvorbis - 1.3.5-3ubuntu0.2+esm1

---------------
libvorbis (1.3.5-3ubuntu0.2+esm1) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2017-14160_CVE-2018-10393-1.patch: add boundaries
      check in bark_noise_hybridmp() in lib/psy.c.
    - debian/patches/CVE-2017-14160_CVE-2018-10393-2.patch: add further
      boundaries checks in bark_noise_hybridmp() in lib/psy.c.
    - debian/patches/CVE-2018-10392.patch: add a validation for channels
      boundaries in vorbis_encode_setup_init() in lib/vorbisenc.c.
    - CVE-2017-14160, CVE-2018-10392, CVE-2018-10393
  * Fix autopkgtest:
    - debian/patches/0003-vorbisenc-detect-if-new-template-is-null.patch:
      check if new_template is NULL at vorbis_encode_ctl() in
      lib/vorbisenc.c.

 -- Rodrigo Figueiredo Zaiden <email address hidden> Wed, 11 May 2022 14:54:32 -0300

no longer affects: vorbis-tools (Ubuntu Xenial)
Changed in libvorbis (Ubuntu Xenial):
status: New → Fix Released
Changed in libvorbis (Ubuntu):
status: New → Confirmed
Revision history for this message
Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

Upstream issue is: https://gitlab.xiph.org/xiph/vorbis/-/issues/1975
and the solution is the commit: https://gitlab.xiph.org/xiph/vorbis/-/commit/42f2bb2936ea06e3a9a2fc2260988120d6dfc97d

the '--advanced-encode-option disable_coupling' in oggenc is used on autopkgtests for libvorbis.
so, in xenial, it was fixed along with some security updates.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.