CMake build #10
Comments
|
This is how I include libtheora in my CMake project: set(THEORA_SRC_DIR ${CMAKE_CURRENT_SOURCE_DIR}/theora)
if ((NOT EXISTS ${THEORA_SRC_DIR}) OR (NOT EXISTS ${THEORA_SRC_DIR}/CMakeLists.txt))
execute_process(COMMAND git clone -b v1.1.1
https://git.xiph.org/theora.git
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/)
endif()
add_library(theoradec OBJECT ${LIBTHEORA_DEC} "${THEORA_SRC_DIR}/lib/apiwrapper.c"
"${THEORA_SRC_DIR}/lib/bitpack.c" "${THEORA_SRC_DIR}/lib/dequant.c"
"${THEORA_SRC_DIR}/lib/fragment.c" "${THEORA_SRC_DIR}/lib/idct.c"
"${THEORA_SRC_DIR}/lib/info.c" "${THEORA_SRC_DIR}/lib/internal.c"
"${THEORA_SRC_DIR}/lib/state.c" "${THEORA_SRC_DIR}/lib/quant.c"
"${THEORA_SRC_DIR}/lib/decapiwrapper.c" "${THEORA_SRC_DIR}/lib/decinfo.c"
"${THEORA_SRC_DIR}/lib/decode.c" "${THEORA_SRC_DIR}/lib/huffdec.c")
target_include_directories(theoradec PRIVATE ${OGG_INCLUDE_DIRS}
"${THEORA_SRC_DIR}/include")
target_compile_options(theoradec PRIVATE -Wno-shift-negative-value
-Wno-shift-op-parentheses) |
|
@jhasse Thanks, that works! Would be nice to have an official cmakelists though |
UnionTech-Software
added a commit
to UnionTech-Software/theora
that referenced
this issue
Dec 23, 2024
When calling the function th_decode_ceaderin through constructed data, it will cause the len value in the oc_fuff_tree_unpack function to be -1 when subsequent functions run, resulting in the problem of negative displacement. This modification is to avoid len being negative
huffdec.c:228:27: runtime error: shift exponent -1 is negative
#0 0x5d471012bfd0 in oc_huff_tree_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:228
xiph#1 0x5d471012c134 in oc_huff_trees_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:392
xiph#2 0x5d471010a98c in oc_setup_unpack /home/uos/libtheora-18570/theora/lib/decinfo.c:169
xiph#3 0x5d471010a98c in oc_dec_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:238
xiph#4 0x5d471010a98c in th_decode_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:266
xiph#5 0x5d47100fd638 in TheoraDecoder::initialize() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:66
xiph#6 0x5d47100ffa76 in TheoraDecoder::Run() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:180
xiph#7 0x5d47100ffe48 in main /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:240
xiph#8 0x7cc9a5e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
xiph#9 0x7cc9a5e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
xiph#10 0x5d47100f9964 in _start (/home/uos/libtheora-18570/libtheora-18570/poc1+0x83964)
ePirat
pushed a commit
that referenced
this issue
Mar 10, 2025
When calling the function th_decode_ceaderin through constructed data,
it will cause the len value in the oc_fuff_tree_unpack function to be
-1 when subsequent functions run, resulting in the problem of negative
displacement. This modification is to avoid len being negative
huffdec.c:228:27: runtime error: shift exponent -1 is negative
#0 0x5d471012bfd0 in oc_huff_tree_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:228
#1 0x5d471012c134 in oc_huff_trees_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:392
#2 0x5d471010a98c in oc_setup_unpack /home/uos/libtheora-18570/theora/lib/decinfo.c:169
#3 0x5d471010a98c in oc_dec_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:238
#4 0x5d471010a98c in th_decode_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:266
#5 0x5d47100fd638 in TheoraDecoder::initialize() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:66
#6 0x5d47100ffa76 in TheoraDecoder::Run() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:180
#7 0x5d47100ffe48 in main /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:240
#8 0x7cc9a5e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#9 0x7cc9a5e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
#10 0x5d47100f9964 in _start (/home/uos/libtheora-18570/libtheora-18570/poc1+0x83964)
Addresses CVE-2024-56431.
Fixes github pull request #19.
Signed-off-by: Petter Reinholdtsen <pere@hungry.com>
ePirat
pushed a commit
that referenced
this issue
Mar 10, 2025
A crash was discovered using input fuzzying, in th_decode_ceaderin()
where the len value in the oc_fuff_tree_unpack() can end up as -1.
Added a check to ensure this do not happen.
Based on feedback from Timothy B. Terriberry.
The issue was discovered using gcc sanitazion, which reported the following:
huffdec.c:228:27: runtime error: shift exponent -1 is negative
#0 0x5d471012bfd0 in oc_huff_tree_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:228
#1 0x5d471012c134 in oc_huff_trees_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:392
#2 0x5d471010a98c in oc_setup_unpack /home/uos/libtheora-18570/theora/lib/decinfo.c:169
#3 0x5d471010a98c in oc_dec_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:238
#4 0x5d471010a98c in th_decode_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:266
#5 0x5d47100fd638 in TheoraDecoder::initialize() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:66
#6 0x5d47100ffa76 in TheoraDecoder::Run() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:180
#7 0x5d47100ffe48 in main /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:240
#8 0x7cc9a5e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#9 0x7cc9a5e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
#10 0x5d47100f9964 in _start (/home/uos/libtheora-18570/libtheora-18570/poc1+0x83964)
Fixes github pull request #19.
|
This issue is reported upstream as https://gitlab.xiph.org/xiph/theora/-/issues/2316 and should probably be closed here. Unless someone show up to explain which problem cmake solve and provide a brushed up patch upstream, a fix is unlikely to make it into the coming weekends release. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Hi, I see a cmake build option for both ogg and vorbis, but not this great theora library. It would be great to be able to request one.
The text was updated successfully, but these errors were encountered: