Vorbis dev - Dec 2004 - Crash when reading OGG/Vorbis file

I'm seeing a crash when reading an OGG/Vorbis file.  I'm using OGG 1.0 
/ Vorbis 1.0.

The crash occurs in _vds_shared_init because the passed in vorbis_info 
*vi points to a structure containing all 0s (and thus crashes on the 
line

b->modebits = ilog2(ci->modes);

as ci is NULL.

Following the stack, I see that _vds_shared_init is called by 
vorbis_synthesis_init which is called by _make_decode_ready by the line

vorbis_syntesis_init(&vf->vd, vf->vi + vf->current_link);

At this point in the vf structure, links = 7.  Looking at the vb->vi 
array I see that elements 0 and 5 are initialized structures, but 1, 2, 
3, 4, and 6 are all 0.

My company provides a tool that reads and writes OGG/Vorbis files and 
the file that is causing this crash is from one of our customers.  At 
this point, I don't know where the file came from or how it was 
created.  I suppose it could be a corrupted or malformed file.

Any help would be greatly appreciated.

-Stevo Brock
  Skyward Studios
  www.monkey-tools.com

On Monday 20 December 2004 10:32, Stevo Brock wrote:
> I'm seeing a crash when reading an OGG/Vorbis file.  I'm using OGG
1.0
> / Vorbis 1.0.
>
> The crash occurs in _vds_shared_init because the passed in vorbis_info
> *vi points to a structure containing all 0s (and thus crashes on the
> line
Thanks for the detailed description.

Could you provide this file to us (off-list, though - either directly to me 
via email, or putting it up on a website somewhere), so that we can figure 
out what's going wrong?

I'd be very surprised if the file was valid - vorbisfile should probably be 
rejecting it, but ideally, it should not be possible to crash vorbisfile with 
invalid input. So any file that can cause a crash would be welcome!

Additionally, I'd very strongly recommend you upgrade to vorbis 1.1. This 
particular problem doesn't sound like anything I remember being fixed in
1.1,
but many other bugs were, and encoder quality was also improved.

Mike