Bug#370144: marked as done (specialy crafted WAV turns mkvmerge into a malloc bomb)

Wed, 16 Aug 2006 23:53:45 -0700 

Your message dated Wed, 16 Aug 2006 23:32:23 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#370144: fixed in mkvtoolnix 1.7.0-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: mkvtoolnix
Version: 1.7.0-1
Severity: normal
Tags: security

If the "wBitsPerSample" parameter (last field in "fmt " chunk, normaly 0x22
file offset) is set to 4 in a WAV file, mkvmerge becomes a malloc bomb when
attempting to demux it.

mkvmerge v1.7.0 ('What Do You Take Me For') built on Jun  3 2006 16:39:55
'evil.wav': Using the WAV demultiplexer.
'evil.wav' track 0: Using the PCM output module.
The file 'out' has been opened for writing.

[boom]
^C
Warning: mkvmerge received a SIGINT (probably because the user pressed Ctrl+C). 
\
Trying to sanitize the file. If mkvmerge hangs during this process you'll have \
to kill it manually.
[...]

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.8-12-amd64-k8
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to en_US.UTF-8)

Versions of packages mkvtoolnix depends on:
ii  libbz2-1.0                    1.0.3-2    high-quality block-sorting file co
ii  libc6                         2.3.6-7    GNU C Library: Shared libraries
ii  libexpat1                     1.95.8-3.2 XML parsing C library - runtime li
ii  libflac7                      1.1.2-3.1  Free Lossless Audio Codec - runtim
ii  libgcc1                       1:4.1.0-1  GCC support library
ii  liblzo1                       1.08-3     data compression library (old vers
ii  libmagic1                     4.17-1     File type determination library us
ii  libogg0                       1.1.3-2    Ogg Bitstream Library
ii  libstdc++6                    4.1.0-1    The GNU Standard C++ Library v3
ii  libvorbis0a                   1.1.2-1    The Vorbis General Audio Compressi
ii  zlib1g                        1:1.2.3-11 compression library - runtime

Versions of packages mkvtoolnix recommends:
pn  mkvtoolnix-gui                <none>     (no description available)

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: mkvtoolnix
Source-Version: 1.7.0-2

We believe that the bug you reported is fixed in the latest version of
mkvtoolnix, which is due to be installed in the Debian FTP archive:

mkvtoolnix-gui_1.7.0-2_i386.deb
  to pool/main/m/mkvtoolnix/mkvtoolnix-gui_1.7.0-2_i386.deb
mkvtoolnix_1.7.0-2.diff.gz
  to pool/main/m/mkvtoolnix/mkvtoolnix_1.7.0-2.diff.gz
mkvtoolnix_1.7.0-2.dsc
  to pool/main/m/mkvtoolnix/mkvtoolnix_1.7.0-2.dsc
mkvtoolnix_1.7.0-2_i386.deb
  to pool/main/m/mkvtoolnix/mkvtoolnix_1.7.0-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Clément Stenac <[EMAIL PROTECTED]> (supplier of updated mkvtoolnix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 17 Aug 2006 08:18:27 +0200
Source: mkvtoolnix
Binary: mkvtoolnix-gui mkvtoolnix
Architecture: source i386
Version: 1.7.0-2
Distribution: unstable
Urgency: high
Maintainer: Clément Stenac <[EMAIL PROTECTED]>
Changed-By: Clément Stenac <[EMAIL PROTECTED]>
Description: 
 mkvtoolnix - Set of command-line tools to work with Matroska files
 mkvtoolnix-gui - Set of tools to work with Matroska files - GUI frontend
Closes: 370144
Changes: 
 mkvtoolnix (1.7.0-2) unstable; urgency=high
 .
   * Fix WAV handling crash (Closes:#370144)
   * Switch to Quilt for patch management
Files: 
 500dcb62321b5e2225f68aeb1e85e465 792 graphics optional mkvtoolnix_1.7.0-2.dsc
 58b764bf2e1b6d1a9d719129b2419a98 29427 graphics optional 
mkvtoolnix_1.7.0-2.diff.gz
 88cfc34af74e703c3865cf1b77441491 1400532 graphics optional 
mkvtoolnix_1.7.0-2_i386.deb
 3e61a99458a3453834e978db5397d3fb 885086 graphics optional 
mkvtoolnix-gui_1.7.0-2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE5Au6rSbtgqbIBbkRAgg7AJ9SGDYe81MEbjqRvM/lOnQXQk1ODgCgqLaz
S7Jga0EhCun5ZzPwP4ykV4A=
=/QCL
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to