Bug 481601 - Fix crash in [@ _vorbis_block_ripcord - vorbis_block_clear] - r=conrad.parker

media/libfishsound/README_MOZILLA

@@ -7,3 +7,4 @@ Some files are renamed during the copy to prevent clashes with object
 file names with other Mozilla libraries.
 
 endian.patch is applied to fix Bug 45269.
+bu481601.patch is applied to fix bug 481601.

media/libfishsound/bug481601.patch

@@ -0,0 +1,23 @@
+diff --git a/media/libfishsound/src/libfishsound/fishsound_vorbis.c b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+index 0c93a35..b1efc48 100644
+--- a/media/libfishsound/src/libfishsound/fishsound_vorbis.c
++++ b/media/libfishsound/src/libfishsound/fishsound_vorbis.c
+@@ -423,16 +423,18 @@ fs_vorbis_init (FishSound * fsound)
+ 
+   fsv = fs_malloc (sizeof (FishSoundVorbisInfo));
+   if (fsv == NULL) return NULL;
+ 
+   fsv->packetno = 0;
+   fsv->finished = 0;
+   vorbis_info_init (&fsv->vi);
+   vorbis_comment_init (&fsv->vc);
++  vorbis_dsp_init (&fsv->vd);
++  vorbis_block_init (&fsv->vd, &fsv->vb);
+   fsv->pcm = NULL;
+   fsv->ipcm = NULL;
+   fsv->max_pcm = 0;
+ 
+   fsound->codec_data = fsv;
+ 
+ #if FS_ENCODE && HAVE_VORBISENC
+ 

media/libfishsound/src/libfishsound/fishsound_vorbis.c

@@ -428,6 +428,8 @@ fs_vorbis_init (FishSound * fsound)
   fsv->finished = 0;
   vorbis_info_init (&fsv->vi);
   vorbis_comment_init (&fsv->vc);
+  vorbis_dsp_init (&fsv->vd);
+  vorbis_block_init (&fsv->vd, &fsv->vb);
   fsv->pcm = NULL;
   fsv->ipcm = NULL;
   fsv->max_pcm = 0;

media/libfishsound/update.sh

@@ -39,3 +39,4 @@ cp $1/src/libfishsound/fs_vector.c ./src/libfishsound/fs_vector.c
 cp $1/src/libfishsound/convert.h ./src/libfishsound/convert.h
 cp $1/AUTHORS ./AUTHORS
 patch -p4 <endian.patch
+patch -p3 <bug481601.patch

media/libvorbis/README_MOZILLA

@@ -10,4 +10,4 @@ BUG 455372 - WinCE LibVorbis No FPU Support on WinMobile, removed FPU
 support for builds with WINCE defined.
 
 BUG 469639 - Failed to build firefox trunk on OpenSolaris
-
+bug481601.patch is appled to fix bug 481601.

media/libvorbis/bug481601.patch

@@ -0,0 +1,66 @@
+diff --git a/media/libvorbis/include/vorbis/codec.h b/media/libvorbis/include/vorbis/codec.h
+index b23fe0a..c62b2d5 100644
+--- a/media/libvorbis/include/vorbis/codec.h
++++ b/media/libvorbis/include/vorbis/codec.h
+@@ -170,16 +170,17 @@ extern void     vorbis_comment_add(vorbis_comment *vc, char *comment);
+ extern void     vorbis_comment_add_tag(vorbis_comment *vc,
+ 				       char *tag, char *contents);
+ extern char    *vorbis_comment_query(vorbis_comment *vc, char *tag, int count);
+ extern int      vorbis_comment_query_count(vorbis_comment *vc, char *tag);
+ extern void     vorbis_comment_clear(vorbis_comment *vc);
+ 
+ extern int      vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb);
+ extern int      vorbis_block_clear(vorbis_block *vb);
++extern void     vorbis_dsp_init(vorbis_dsp_state *v);
+ extern void     vorbis_dsp_clear(vorbis_dsp_state *v);
+ extern double   vorbis_granule_time(vorbis_dsp_state *v,
+ 				    ogg_int64_t granulepos);
+ 
+ /* Vorbis PRIMITIVES: analysis/DSP layer ****************************/
+ 
+ extern int      vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi);
+ extern int      vorbis_commentheader_out(vorbis_comment *vc, ogg_packet *op);
+diff --git a/media/libvorbis/lib/vorbis_block.c b/media/libvorbis/lib/vorbis_block.c
+index 3b6f456..d7f5974 100644
+--- a/media/libvorbis/lib/vorbis_block.c
++++ b/media/libvorbis/lib/vorbis_block.c
+@@ -84,18 +84,16 @@ static int ilog2(unsigned int v){
+ #ifndef WORD_ALIGN
+ #define WORD_ALIGN 8
+ #endif
+ 
+ int vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb){
+   int i;
+   memset(vb,0,sizeof(*vb));
+   vb->vd=v;
+-  vb->localalloc=0;
+-  vb->localstore=NULL;
+   if(v->analysisp){
+     vorbis_block_internal *vbi=
+       vb->internal=_ogg_calloc(1,sizeof(vorbis_block_internal));
+     vbi->ampmax=-9999;
+ 
+     for(i=0;i<PACKETBLOBS;i++){
+       if(i==PACKETBLOBS/2){
+ 	vbi->packetblob[i]=&vb->opb;
+@@ -295,16 +293,20 @@ int vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi){
+ 
+   /* compressed audio packets start after the headers
+      with sequence number 3 */
+   v->sequence=3;
+ 
+   return(0);
+ }
+ 
++void vorbis_dsp_init(vorbis_dsp_state *v){
++  memset(v,0,sizeof(*v));
++}
++
+ void vorbis_dsp_clear(vorbis_dsp_state *v){
+   int i;
+   if(v){
+     vorbis_info *vi=v->vi;
+     codec_setup_info *ci=(vi?vi->codec_setup:NULL);
+     private_state *b=v->backend_state;
+ 
+     if(b){

media/libvorbis/include/vorbis/codec.h

@@ -175,6 +175,7 @@ extern void     vorbis_comment_clear(vorbis_comment *vc);
 
 extern int      vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb);
 extern int      vorbis_block_clear(vorbis_block *vb);
+extern void     vorbis_dsp_init(vorbis_dsp_state *v);
 extern void     vorbis_dsp_clear(vorbis_dsp_state *v);
 extern double   vorbis_granule_time(vorbis_dsp_state *v,
 				    ogg_int64_t granulepos);

media/libvorbis/lib/vorbis_block.c

@@ -89,8 +89,6 @@ int vorbis_block_init(vorbis_dsp_state *v, vorbis_block *vb){
   int i;
   memset(vb,0,sizeof(*vb));
   vb->vd=v;
-  vb->localalloc=0;
-  vb->localstore=NULL;
   if(v->analysisp){
     vorbis_block_internal *vbi=
       vb->internal=_ogg_calloc(1,sizeof(vorbis_block_internal));
@@ -300,6 +298,10 @@ int vorbis_analysis_init(vorbis_dsp_state *v,vorbis_info *vi){
   return(0);
 }
 
+void vorbis_dsp_init(vorbis_dsp_state *v){
+  memset(v,0,sizeof(*v));
+}
+
 void vorbis_dsp_clear(vorbis_dsp_state *v){
   int i;
   if(v){

media/libvorbis/update.sh

@@ -47,3 +47,4 @@ cp $1/COPYING ./COPYING
 cp $1/README ./README
 cp $1/AUTHORS ./AUTHORS
 patch -p3 < ./alloca.diff
+patch -p3 <./bug481601.patch