mirrors
/
flac
mirror of https://github.com/xiph/flac
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

stream_decoder: fix integer underflow due to malformed wasted_bits 

It is pretty easy for a malformed FLAC file to underflow the "bps"
variable.  In the debug build, this results in an assertion failure in
FLAC__bitreader_read_raw_uint32():

    FLAC__ASSERT(bits <= 32);

In non-debug builds, this simply makes
FLAC__bitreader_read_raw_uint32() fail because
bitreader_read_from_client_() doesn't find enough buffer space for
2**32-1 bits.  But since the failing FLAC_ASSERT() is reasonable, this
should be caught in the FLAC__bitreader_read_raw_uint32() caller.

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Closes: https://github.com/xiph/flac/pull/13
This commit is contained in:
Max Kellermann 2016-07-08 21:29:41 +02:00 committed by Erik de Castro Lopo
parent 0a49fe7788
commit 9949ce15f6
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/libFLAC/stream_decoder.c
View File

@ -2481,6 +2481,8 @@ FLAC__bool read_subframe_(FLAC__StreamDecoder *decoder, unsigned channel, unsign
if(!FLAC__bitreader_read_unary_unsigned(decoder->private_->input, &u))
return false; /* read_callback_ sets the state for us */
decoder->private_->frame.subframes[channel].wasted_bits = u+1;
if (decoder->private_->frame.subframes[channel].wasted_bits >= bps)
return false;
bps -= decoder->private_->frame.subframes[channel].wasted_bits;
}
else