Skip to content

Add CPU detection on RISC OS. #5

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add CPU detection on RISC OS. #5

wants to merge 1 commit into from

Conversation

ccawley2011
Copy link
Contributor

No description provided.

rillian
rillian approved these changes Oct 23, 2017
View reviewed changes
Copy link
Contributor

@rillian rillian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the patch!

@rillian
Copy link
Contributor

rillian commented Oct 23, 2017

Merged in 2df21a6.

@rillian rillian closed this Oct 23, 2017
UnionTech-Software added a commit to UnionTech-Software/theora that referenced this pull request Dec 23, 2024
@UnionTech-Software
Fix the runtime error: shift exponent -1 is negative in huffdec.c
1a1e481 
When calling the function th_decode_ceaderin through constructed data, it will cause the len value in the oc_fuff_tree_unpack function to be -1 when subsequent functions run, resulting in the problem of negative displacement. This modification is to avoid len being negative

huffdec.c:228:27: runtime error: shift exponent -1 is negative
    #0 0x5d471012bfd0 in oc_huff_tree_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:228
    xiph#1 0x5d471012c134 in oc_huff_trees_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:392
    xiph#2 0x5d471010a98c in oc_setup_unpack /home/uos/libtheora-18570/theora/lib/decinfo.c:169
    xiph#3 0x5d471010a98c in oc_dec_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:238
    xiph#4 0x5d471010a98c in th_decode_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:266
    xiph#5 0x5d47100fd638 in TheoraDecoder::initialize() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:66
    xiph#6 0x5d47100ffa76 in TheoraDecoder::Run() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:180
    xiph#7 0x5d47100ffe48 in main /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:240
    xiph#8 0x7cc9a5e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    xiph#9 0x7cc9a5e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
    xiph#10 0x5d47100f9964 in _start (/home/uos/libtheora-18570/libtheora-18570/poc1+0x83964)
@UnionTech-Software UnionTech-Software mentioned this pull request Dec 23, 2024
Closed
ePirat pushed a commit that referenced this pull request Mar 10, 2025
@UnionTech-Software
Fix the runtime error: shift exponent -1 is negative in huffdec.c
eecd1ad 
When calling the function th_decode_ceaderin through constructed data,
it will cause the len value in the oc_fuff_tree_unpack function to be
-1 when subsequent functions run, resulting in the problem of negative
displacement. This modification is to avoid len being negative

huffdec.c:228:27: runtime error: shift exponent -1 is negative
    #0 0x5d471012bfd0 in oc_huff_tree_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:228
    #1 0x5d471012c134 in oc_huff_trees_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:392
    #2 0x5d471010a98c in oc_setup_unpack /home/uos/libtheora-18570/theora/lib/decinfo.c:169
    #3 0x5d471010a98c in oc_dec_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:238
    #4 0x5d471010a98c in th_decode_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:266
    #5 0x5d47100fd638 in TheoraDecoder::initialize() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:66
    #6 0x5d47100ffa76 in TheoraDecoder::Run() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:180
    #7 0x5d47100ffe48 in main /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:240
    #8 0x7cc9a5e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #9 0x7cc9a5e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #10 0x5d47100f9964 in _start (/home/uos/libtheora-18570/libtheora-18570/poc1+0x83964)

Addresses CVE-2024-56431.

Fixes github pull request #19.

Signed-off-by: Petter Reinholdtsen <pere@hungry.com>
ePirat pushed a commit that referenced this pull request Mar 10, 2025
Avoided calling __Builting_clz(0) with undefined behaviuor.
0cb634e 
Check if argument is null before using this approach, and just return
zero when the value to do bit count on is zero.

Fixes a issue discovered by --enable-gcc-sanitizers in !31:

  ../../lib/encode.c:1384:49: runtime error: passing zero to clz(),
    which is not a valid argument
    #0 0x7f0af5dae97d in th_encode_ctl ../../lib/encode.c:1384
    #1 0x7f0af5e2eb97 in theora_encode_init ../../lib/encapiwrapper.c:72
    #2 0x55fd4beb18b7 in granulepos_test_encode
     ../../tests/granulepos_theora.c:71
    #3 0x55fd4beb126d in main ../../tests/granulepos_theora.c:137
    #4 0x7f0af51d3249 in __libc_start_call_main
     ../sysdeps/nptl/libc_start_call_main.h:58
    #5 0x7f0af51d3304 in __libc_start_main_impl ../csu/libc-start.c:360
    #6 0x55fd4beb1300 in _start
     (/home/user/libtheora/build/tests/.libs/granulepos_theoraenc+0x2300)

Fixes #2323
ePirat pushed a commit that referenced this pull request Mar 10, 2025
Avoid negative bit shift operatoin in huffdec.c (CVE-2024-56431).
5665f86 
A crash was discovered using input fuzzying, in th_decode_ceaderin()
where the len value in the oc_fuff_tree_unpack() can end up as -1.
Added a check to ensure this do not happen.

Based on feedback from Timothy B. Terriberry.

The issue was discovered using gcc sanitazion, which reported the following:

huffdec.c:228:27: runtime error: shift exponent -1 is negative
    #0 0x5d471012bfd0 in oc_huff_tree_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:228
    #1 0x5d471012c134 in oc_huff_trees_unpack /home/uos/libtheora-18570/theora/lib/huffdec.c:392
    #2 0x5d471010a98c in oc_setup_unpack /home/uos/libtheora-18570/theora/lib/decinfo.c:169
    #3 0x5d471010a98c in oc_dec_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:238
    #4 0x5d471010a98c in th_decode_headerin /home/uos/libtheora-18570/theora/lib/decinfo.c:266
    #5 0x5d47100fd638 in TheoraDecoder::initialize() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:66
    #6 0x5d47100ffa76 in TheoraDecoder::Run() /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:180
    #7 0x5d47100ffe48 in main /home/uos/libtheora-18570/libtheora-18570/fuzzer.cpp:240
    #8 0x7cc9a5e29d8f in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #9 0x7cc9a5e29e3f in __libc_start_main_impl ../csu/libc-start.c:392
    #10 0x5d47100f9964 in _start (/home/uos/libtheora-18570/libtheora-18570/poc1+0x83964)

Fixes github pull request #19.
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@rillian rillian rillian approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ccawley2011 @rillian