mirrors/flac
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libFLAC/bitreader.c: Fix OOB read

Browse Source 
Credit: OSS-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16457
Testcase: fuzzer_decoder-5076189185572864
This commit is contained in:
Erik de Castro Lopo 2019-08-25 16:14:53 +10:00
parent 04974d2715
commit c34c3459b5
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/libFLAC/bitreader.c
View File

@ -131,16 +131,19 @@ static inline void crc16_update_block_(FLAC__BitReader *br)
if(br->consumed_words > br->crc16_offset && br->crc16_align)
crc16_update_word_(br, br->buffer[br->crc16_offset++]);
/* Prevent OOB read due to wrap-around. */
if (br->consumed_words > br->crc16_offset) {
#if FLAC__BYTES_PER_WORD == 4
br->read_crc16 = FLAC__crc16_update_words32(br->buffer + br->crc16_offset, br->consumed_words - br->crc16_offset, br->read_crc16);
br->read_crc16 = FLAC__crc16_update_words32(br->buffer + br->crc16_offset, br->consumed_words - br->crc16_offset, br->read_crc16);
#elif FLAC__BYTES_PER_WORD == 8
br->read_crc16 = FLAC__crc16_update_words64(br->buffer + br->crc16_offset, br->consumed_words - br->crc16_offset, br->read_crc16);
br->read_crc16 = FLAC__crc16_update_words64(br->buffer + br->crc16_offset, br->consumed_words - br->crc16_offset, br->read_crc16);
#else
unsigned i;
unsigned i;
for(i = br->crc16_offset; i < br->consumed_words; i++)
crc16_update_word_(br, br->buffer[i]);
for (i = br->crc16_offset; i < br->consumed_words; i++)
crc16_update_word_(br, br->buffer[i]);
#endif
}
br->crc16_offset = 0;
}