From a46042a92cdf318496da0fa0d67a2d1c27ce15b5 Mon Sep 17 00:00:00 2001
From: Ralph Giles <giles@thaumas.net>
Date: Tue, 6 Sep 2022 19:04:31 -0700
Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer.

Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns
a null pointer. This allows more graceful recovery by the caller
in the unlikely event of a fallable ogg_malloc call.

We do check the return value elsewhere in the code, so the new
checks make the code more consistent.

Thanks to https://github.com/xiph/opusfile/issues/36 for reporting.
---
 src/opusfile.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/opusfile.c b/src/opusfile.c
index ca219b2..3c3c81e 100644
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){
   int            nbytes;
   OP_ASSERT(_nbytes>0);
   buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes);
+  if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
   nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes);
   OP_ASSERT(nbytes<=_nbytes);
   if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes);
@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of,
   if(_initial_bytes>0){
     char *buffer;
     buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
+    if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
     memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
     ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
   }