[gentoo-commits] repo/gentoo:master commit in: media-libs/libogg/, media-libs/libogg/files/

Tue, 11 Mar 2025 18:35:04 -0700 

commit:     767a62880d889b0280969d8520bd9783b40363a3
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Sun Mar  9 08:28:54 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Sun Mar  9 08:28:54 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=767a6288

media-libs/libogg: fix UBSAN issue

Similar to a921e04dff46b220e8be2f32d10ab10a98038a92.

Signed-off-by: Sam James <sam <AT> gentoo.org>

 .../libogg/files/libogg-1.3.5-ubsan-shift.patch    | 138 +++++++++++++++++++++
 media-libs/libogg/libogg-1.3.5-r2.ebuild           |  34 +++++
 2 files changed, 172 insertions(+)

diff --git a/media-libs/libogg/files/libogg-1.3.5-ubsan-shift.patch 
b/media-libs/libogg/files/libogg-1.3.5-ubsan-shift.patch
new file mode 100644
index 000000000000..79dcb9e1ce0a
--- /dev/null
+++ b/media-libs/libogg/files/libogg-1.3.5-ubsan-shift.patch
@@ -0,0 +1,138 @@
+https://gitlab.xiph.org/xiph/ogg/-/commit/7cf42ea17aef7bc1b7b21af70724840a96c2e7d0
+
+From 7cf42ea17aef7bc1b7b21af70724840a96c2e7d0 Mon Sep 17 00:00:00 2001
+From: "Timothy B. Terriberry" <[email protected]>
+Date: Tue, 11 Jun 2024 03:54:24 -0700
+Subject: [PATCH] Fix UB reported by UBsan.
+
+Also fix other instances of similar patterns.
+
+Thanks to kunitoki for the report.
+
+Fixes #2305
+--- a/src/bitwise.c
++++ b/src/bitwise.c
+@@ -284,13 +284,13 @@ long oggpack_look(oggpack_buffer *b,int bits){
+ 
+   ret=b->ptr[0]>>b->endbit;
+   if(bits>8){
+-    ret|=b->ptr[1]<<(8-b->endbit);
++    ret|=(unsigned long)b->ptr[1]<<(8-b->endbit);
+     if(bits>16){
+-      ret|=b->ptr[2]<<(16-b->endbit);
++      ret|=(unsigned long)b->ptr[2]<<(16-b->endbit);
+       if(bits>24){
+-        ret|=b->ptr[3]<<(24-b->endbit);
++        ret|=(unsigned long)b->ptr[3]<<(24-b->endbit);
+         if(bits>32 && b->endbit)
+-          ret|=b->ptr[4]<<(32-b->endbit);
++          ret|=(unsigned long)b->ptr[4]<<(32-b->endbit);
+       }
+     }
+   }
+@@ -313,13 +313,13 @@ long oggpackB_look(oggpack_buffer *b,int bits){
+     else if(!bits)return(0L);
+   }
+ 
+-  ret=b->ptr[0]<<(24+b->endbit);
++  ret=(unsigned long)b->ptr[0]<<(24+b->endbit);
+   if(bits>8){
+-    ret|=b->ptr[1]<<(16+b->endbit);
++    ret|=(unsigned long)b->ptr[1]<<(16+b->endbit);
+     if(bits>16){
+-      ret|=b->ptr[2]<<(8+b->endbit);
++      ret|=(unsigned long)b->ptr[2]<<(8+b->endbit);
+       if(bits>24){
+-        ret|=b->ptr[3]<<(b->endbit);
++        ret|=(unsigned long)b->ptr[3]<<(b->endbit);
+         if(bits>32 && b->endbit)
+           ret|=b->ptr[4]>>(8-b->endbit);
+       }
+@@ -389,13 +389,13 @@ long oggpack_read(oggpack_buffer *b,int bits){
+ 
+   ret=b->ptr[0]>>b->endbit;
+   if(bits>8){
+-    ret|=b->ptr[1]<<(8-b->endbit);
++    ret|=(unsigned long)b->ptr[1]<<(8-b->endbit);
+     if(bits>16){
+-      ret|=b->ptr[2]<<(16-b->endbit);
++      ret|=(unsigned long)b->ptr[2]<<(16-b->endbit);
+       if(bits>24){
+-        ret|=b->ptr[3]<<(24-b->endbit);
++        ret|=(unsigned long)b->ptr[3]<<(24-b->endbit);
+         if(bits>32 && b->endbit){
+-          ret|=b->ptr[4]<<(32-b->endbit);
++          ret|=(unsigned long)b->ptr[4]<<(32-b->endbit);
+         }
+       }
+     }
+@@ -430,13 +430,13 @@ long oggpackB_read(oggpack_buffer *b,int bits){
+     else if(!bits)return(0L);
+   }
+ 
+-  ret=b->ptr[0]<<(24+b->endbit);
++  ret=(unsigned long)b->ptr[0]<<(24+b->endbit);
+   if(bits>8){
+-    ret|=b->ptr[1]<<(16+b->endbit);
++    ret|=(unsigned long)b->ptr[1]<<(16+b->endbit);
+     if(bits>16){
+-      ret|=b->ptr[2]<<(8+b->endbit);
++      ret|=(unsigned long)b->ptr[2]<<(8+b->endbit);
+       if(bits>24){
+-        ret|=b->ptr[3]<<(b->endbit);
++        ret|=(unsigned long)b->ptr[3]<<(b->endbit);
+         if(bits>32 && b->endbit)
+           ret|=b->ptr[4]>>(8-b->endbit);
+       }
+--- a/src/framing.c
++++ b/src/framing.c
+@@ -349,12 +349,13 @@ int ogg_stream_packetin(ogg_stream_state *os,ogg_packet 
*op){
+ static int ogg_stream_flush_i(ogg_stream_state *os,ogg_page *og, int force, 
int nfill){
+   int i;
+   int vals=0;
+-  int maxvals=(os->lacing_fill>255?255:os->lacing_fill);
++  int maxvals;
+   int bytes=0;
+   long acc=0;
+   ogg_int64_t granule_pos=-1;
+ 
+   if(ogg_stream_check(os)) return(0);
++  maxvals=(os->lacing_fill>255?255:os->lacing_fill);
+   if(maxvals==0) return(0);
+ 
+   /* construct a page */
+@@ -639,12 +640,15 @@ int ogg_sync_wrote(ogg_sync_state *oy, long bytes){
+ */
+ 
+ long ogg_sync_pageseek(ogg_sync_state *oy,ogg_page *og){
+-  unsigned char *page=oy->data+oy->returned;
++  unsigned char *page;
+   unsigned char *next;
+-  long bytes=oy->fill-oy->returned;
++  long bytes;
+ 
+   if(ogg_sync_check(oy))return 0;
+ 
++  page=oy->data+oy->returned;
++  bytes=oy->fill-oy->returned;
++
+   if(oy->headerbytes==0){
+     int headerbytes,i;
+     if(bytes<27)return(0); /* not enough for a header */
+@@ -1086,11 +1090,11 @@ void print_header(ogg_page *og){
+           (int)og->header[4],(int)og->header[5]);
+ 
+   fprintf(stderr,"  granulepos: %d  serialno: %d  pageno: %ld\n",
+-          (og->header[9]<<24)|(og->header[8]<<16)|
++          ((unsigned)og->header[9]<<24)|(og->header[8]<<16)|
+           (og->header[7]<<8)|og->header[6],
+-          (og->header[17]<<24)|(og->header[16]<<16)|
++          ((unsigned)og->header[17]<<24)|(og->header[16]<<16)|
+           (og->header[15]<<8)|og->header[14],
+-          ((long)(og->header[21])<<24)|(og->header[20]<<16)|
++          ((long)((unsigned)og->header[21])<<24)|(og->header[20]<<16)|
+           (og->header[19]<<8)|og->header[18]);
+ 
+   fprintf(stderr,"  checksum: %02x:%02x:%02x:%02x\n  segments: %d (",
+-- 
+GitLab

diff --git a/media-libs/libogg/libogg-1.3.5-r2.ebuild 
b/media-libs/libogg/libogg-1.3.5-r2.ebuild
new file mode 100644
index 000000000000..c87c3c112e4d
--- /dev/null
+++ b/media-libs/libogg/libogg-1.3.5-r2.ebuild
@@ -0,0 +1,34 @@
+# Copyright 1999-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit multilib-minimal
+
+DESCRIPTION="The Ogg media file format library"
+HOMEPAGE="https://xiph.org/ogg/";
+SRC_URI="https://downloads.xiph.org/releases/ogg/${P}.tar.xz";
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~loong ~m68k ~mips ~ppc ~ppc64 
~riscv ~s390 ~sparc ~x86 ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos 
~x64-solaris"
+IUSE="static-libs"
+
+PATCHES=(
+       "${FILESDIR}"/${PN}-1.3.4-libdir-m4.patch
+       "${FILESDIR}"/${PN}-1.3.5-macro-wstrict-prototypes.patch
+       "${FILESDIR}"/${P}-ubsan-shift.patch
+)
+
+MULTILIB_WRAPPED_HEADERS=(
+       /usr/include/ogg/config_types.h
+)
+
+multilib_src_configure() {
+       ECONF_SOURCE="${S}" econf $(use_enable static-libs static)
+}
+
+multilib_src_install_all() {
+       einstalldocs
+       find "${ED}" -type f -name "*.la" -delete || die
+}

Reply via email to