An output file was being set to read only and hence could not be
overwritten by a later test. Not sure why this only affected the
'make distcheck' target.
A malformed file (generated by AFL) had a 'samples_left_to_process' value
of greater than the actual numbe of samples. When re-encoding the decoder
would get to the end of the file and then continuously return a decode
status of FLAC__STREAM_DECODER_END_OF_STREAM, causing an infinite loop.
Solution is to break out of the loop on two consecutive end-of-stream
events.
To avoid crash caused by an unbound LPC decoding when predictor order is
larger than blocksize, the sanity check needs to be moved to the subframe
decoding functions.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Restrict number of seek points to 32768 total and a maximum of two per
second.
Ten hours of content is 36000 seconds which gives about one seek point
for every second for those ten hours. Also, having more than two seek
point per second makes little sense regardless of content length.
Without these restrictions flac-to-flac encoding of a malformed input
file (eg something generated with http://lcamtuf.coredump.cx/afl/)
can result in an attempt to generate a stupidly large number of seek
points and cause an allocation failure.
* Pipe un-needed strerr output to /dev/null.
* Pass --silent and --no-seektable to the flac executable.
* When generating tones, use --output-name=....
This commit fixes a typo in a console debug message encountered during
encoding. It also fixes a grammatical error in the same message.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Janne Hyvärinen reported a problem with seeking as a result of the
fix for CVE-2014-9028. This is a different solution to the issue
that should not adversely affect seeking.
This version of the fix for the above CVE has been extensively fuzz
tested using afl (http://lcamtuf.coredump.cx/afl/).
Reported-by: Janne Hyvärinen <cse@sci.fi>
The recent compression preset retuning improved upon most material
but it the few tracks that show regression are usually classical
music. This patch improves compression by improving the LPC order
guess, of which classical music benefits most.
Improvement is 0.007% on average but up to 0.1%. I haven't seen
regressions for any of my test samples.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
The commit http://git.xiph.org/?p=flac.git;a=commit;h=e9d805dd4374
changed the that calculate autocorrelation. However, the new code
worked slightly (about 4%) slower on Core 2, but with the new
presets the speed decrease can reach ~25%.
This patch enables both old and new functions and chooses between
them at runtime.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
The '-g' was in-correctly getting zapped from all CFLAGS expressions
including eg:
-mfloat-gprs=double (for powerpc e500) -> -mfloatprs=double.
Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
If a file says it contains a stupidly large number of vorbis comments,
the stream decoder would try to allocate enough memory which would fail
returning NULL and then write to that pointer anyway. The solution is
to set a hard limit of 10000 vorbis comments and force num_comments to
zero if the number is too large.
Problem found using the afl (american fuzzy lop) fuzzer.
Closes: https://sourceforge.net/p/flac/bugs/421/
Reported-by : Hanno Böck <hanno@hboeck.de>
This fix is closely related to the fix for CVE-2014-9028. When that
fix went public Miroslav Lichvar noticed a similar potential problem
spot in the same function and was able to craft a file to trigger a
heap write overflow.
Reported-by : Miroslav Lichvar <mlichvar@redhat.com>
Jan Stary reported that on OpenBSD bash isn't located in /bin/
which means that the test fail. He also noted that there didn't
seem to be anything bash specific in the tests.
This patch takes some suggestions from Jan, plus a few fixes tested
on Debian using the bin/sh provided by bash and dash.
Suggested-by: Jan Stary <hans@stare.cz>
This updates one rather important mention of the copyright year
(the encoding/decoding progress display) and a few in the
documentation. Furthermore, it updates the open bug list
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
On Mac OSX, the 'wc -c' command returns a number with leading whitespace
which then results in a syntax error when the shell parser expects a
number when it really has a string containing a number. The easy fix is
to use string interpolation.
Closes: https://sourceforge.net/p/flac/bugs/420/
Reported-by: Mark Harris <mark.hsj@gmail.com>