Skip to content

A potential bug of NPD #92

New issue
New issue
Open
Open
A potential bug of NPD#92
@ash1852

Description

@ash1852
ash1852
opened on Sep 5, 2022

Hi, I found a potential null pointer dereference bug in the project source code of vorbis, and I have shown the execution sequence of the program that may generate the bug on the graph below. The red text illustrates the steps that generate the bug, the red arrows represent the control flow,the file path can be seen in the blue framed section.
1662360760592

Although the code shown is for version 1.3.6 but is still exist in current version

vorbis/lib/vorbisfile.c

Lines 898 to 902 in 84c0236

if(initial){
char *buffer=ogg_sync_buffer(&vf->oy,ibytes);
memcpy(buffer,initial,ibytes);
ogg_sync_wrote(&vf->oy,ibytes);
}

would you can help to check if this bug is true?thank you for your effort and patience!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions