Limit maximum size of bitwriter buffer

In the past, various bugs have triggered libFLAC to write enormous
coded residuals. While these bugs have been fixed, this check is
added to limit the impact of possible remaining or future bugs.

When a bitwriter is grown past the maximum sane size of a frame
(8 channels of 65535 samples with 24 + 4 bits per sample) this
indicates that such a bug was triggered. Instead of a possible
crash or creating unreadable files, bitwriter_grow_ fails as if
it could not allocate more memory.
Martijn van Beurden 2022-01-12 13:11:48 +01:00
parent 2e50ea341d
commit 21d0640ea9
1 changed file with 7 additions and 0 deletions


@ -38,7 +38,9 @@
#include <string.h>
#include "private/bitwriter.h"
#include "private/crc.h"
#include "private/format.h"
#include "private/macros.h"
#include "private/stream_encoder.h"
#include "FLAC/assert.h"
#include "share/alloc.h"
#include "share/compat.h"
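Review bot: the hunk header shows two include lines added here, but the rendered page does not mark which two; if `private/stream_encoder.h` is one of them and is pulled in only for the FLAC__MAX_EXTRA_RESIDUAL_BPS constant used in the next hunk, the low-level bitwriter now depends on an encoder-private header for a single limit. Consider defining that constant alongside the other format limits (FLAC__MAX_BLOCK_SIZE, FLAC__MAX_CHANNELS, FLAC__REFERENCE_CODEC_MAX_BITS_PER_SAMPLE) so the bitwriter does not need to include the encoder's header at all.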
@ -116,6 +118,11 @@ FLAC__bool bitwriter_grow_(FLAC__BitWriter *bw, uint32_t bits_to_add)
if(bw->capacity >= new_capacity)
return true;
if(new_capacity * sizeof(bwword) > FLAC__MAX_BLOCK_SIZE * FLAC__MAX_CHANNELS * (FLAC__REFERENCE_CODEC_MAX_BITS_PER_SAMPLE + FLAC__MAX_EXTRA_RESIDUAL_BPS) / 8)
/* Requested new capacity is larger than the largest sane framesize.
* That means something went very wrong somewhere. To prevent chrashing, give up */
return false;
/* round up capacity increase to the nearest FLAC__BITWRITER_DEFAULT_INCREMENT */
if((new_capacity - bw->capacity) % FLAC__BITWRITER_DEFAULT_INCREMENT)
new_capacity += FLAC__BITWRITER_DEFAULT_INCREMENT - ((new_capacity - bw->capacity) % FLAC__BITWRITER_DEFAULT_INCREMENT);
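Review bot: the cap in the new `if` is derived from the largest legal audio frame (8 channels of 65535 samples at 24 + 4 bits, about 1.8 MB), so it is only correct if every object that grows this buffer is a single frame; any caller that legitimately writes something larger through the same bitwriter would now get a failure that is indistinguishable from an out-of-memory condition, so that assumption should be confirmed and, ideally, the limit given a named macro rather than the inlined expression. Two smaller points: the comparison is made before the rounding to FLAC__BITWRITER_DEFAULT_INCREMENT that follows it, so the actual allocation can exceed the stated bound by up to one increment (harmless, but placing the check after the rounding would make the bound exact); and the new comment has a typo, "chrashing" for "crashing", and "framesize" should read "frame size".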