The function FLAC__bitreader_read_raw_int32() triggered undefined behaviour
when sign extending an unsigned value. The Stanford Graphics bithacks page
provided an alternative that avoided UB.
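The sign-extension trick referred to above, as an added example that is not the FLAC project's own code: `sign_extend_bithack()` is my rendering of the bithacks "sign extending from a variable bit-width" formula with all arithmetic kept in `uint32_t` (where wraparound is defined), alongside an `int64_t` reference implementation and an exhaustive comparison helper. The function names and the 1..31 bit-width restriction are assumptions of this example.

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>

/* Sign-extend the low `bits` bits of `uval` (1 <= bits <= 31 assumed here)
 * to a 32-bit signed value. Every intermediate operation is on uint32_t, so
 * there is no left shift of a signed value and no right shift of a negative
 * one; only the final conversion is implementation-defined, and int32_t is
 * required to be two's complement. Formula from the Stanford bithacks page. */
int32_t sign_extend_bithack(uint32_t uval, unsigned bits)
{
    uint32_t mask;
    assert(bits >= 1 && bits <= 31);
    uval &= ((uint32_t)1 << bits) - 1;        /* keep only the field */
    mask = (uint32_t)1 << (bits - 1);         /* the field's sign bit */
    return (int32_t)((uval ^ mask) - mask);
}

/* Reference: do the extension in a wider signed type, no bit tricks. */
int64_t sign_extend_reference(uint32_t uval, unsigned bits)
{
    uint32_t field = uval & (((uint32_t)1 << bits) - 1);
    if (field & ((uint32_t)1 << (bits - 1)))
        return (int64_t)field - ((int64_t)1 << bits);
    return (int64_t)field;
}

/* Returns 1 if the bithack agrees with the reference for every possible
 * `bits`-wide field value (exhaustive for small widths). */
int agrees_with_reference(unsigned bits)
{
    uint32_t v;
    for (v = 0; v < ((uint32_t)1 << bits); v++)
        if ((int64_t)sign_extend_bithack(v, bits) != sign_extend_reference(v, bits))
            return 0;
    return 1;
}

int main(void)
{
    printf("0xF as 4-bit  -> %d\n", sign_extend_bithack(0xF, 4));
    printf("0x7 as 4-bit  -> %d\n", sign_extend_bithack(0x7, 4));
    printf("0x800000 as 24-bit -> %d\n", sign_extend_bithack(0x800000, 24));
    printf("8-bit exhaustive check: %s\n", agrees_with_reference(8) ? "ok" : "MISMATCH");
    return 0;
}
```

The exhaustive comparison is the check worth keeping around when touching this kind of bit manipulation: it runs in milliseconds for widths up to 16 bits and catches any off-by-one in the mask.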
The new function wraps realloc() and if the realloc() fails, it
free()s the old pointer.
This is an improvement on the potential realloc() memory leak that
was fixed in 15a9062609.
Still needs fuzzing to validate it.
The american-fuzzy-lop fuzzer found a couple of instances of double
free() resulting from commit 15a9062609.
The problematic free()s were the ones associated with use of the
safe_realloc_mul_2op_() function which can call realloc(ptr,0) which
according to the realloc manpage is already an implicit free().
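The realloc() wrapper described in the two messages above, as an added example (my code, not FLAC's own `safe_realloc_()`/`safe_realloc_mul_2op_()`, though the names are borrowed from the messages): the `size > 0` guard is the whole point, because realloc(ptr, 0) may already free ptr and return NULL, so freeing ptr again on that path is the double free AFL found. The multiply variant refuses products that overflow size_t, and `grow_u32_array()` is an assumed caller showing the "overwrite your pointer with the return value" contract.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* realloc() that never leaks on failure: if realloc() returns NULL for a
 * non-zero size, the old block is still valid, so free it here and the
 * caller can simply overwrite its pointer with the return value.
 * Do NOT free when size == 0: realloc(ptr, 0) may itself free ptr and
 * return NULL, and a second free() would be a double free. */
void *safe_realloc_(void *ptr, size_t size)
{
    void *newptr = realloc(ptr, size);
    if (size > 0 && newptr == NULL)
        free(ptr);
    return newptr;
}

/* Allocate size1 * size2 bytes. A zero size is passed straight to realloc()
 * so the platform's realloc(ptr, 0) semantics apply exactly once; an
 * overflowing product frees ptr and returns NULL instead of allocating a
 * wrapped-around (too small) block. */
void *safe_realloc_mul_2op_(void *ptr, size_t size1, size_t size2)
{
    if (size1 == 0 || size2 == 0)
        return realloc(ptr, 0);
    if (size1 > SIZE_MAX / size2) {
        free(ptr);
        return NULL;
    }
    return safe_realloc_(ptr, size1 * size2);
}

/* Example caller (assumed): grow *arr to `count` elements, preserving
 * contents. Returns 1 on success; on failure the old block is already
 * gone and *arr is NULL, so there is nothing left for the caller to free. */
int grow_u32_array(uint32_t **arr, size_t count)
{
    uint32_t *p = safe_realloc_mul_2op_(*arr, count, sizeof(uint32_t));
    *arr = p;
    return p != NULL;
}

int main(void)
{
    uint32_t *a = NULL;
    if (grow_u32_array(&a, 4)) {
        a[3] = 42;
        if (grow_u32_array(&a, 1000))
            printf("grown, a[3] still %u\n", a[3]);
    }
    /* Overflowing request: block is freed, a becomes NULL, no leak. */
    printf("overflow request ok? %d (a=%p)\n", grow_u32_array(&a, SIZE_MAX), (void *)a);
    /* Shrink-to-zero path: freed exactly once, whatever realloc(ptr,0) returns. */
    free(safe_realloc_(malloc(16), 0));
    return 0;
}
```

Running a build that uses this wrapper under AddressSanitizer (`-fsanitize=address`) is the quick way to confirm the size-0 path no longer double frees: ASan aborts on the first double free with both stack traces.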
The function get_utf8_argv() was calling LoadLibrary to load msvcrt.dll
but wasn't calling FreeLibrary() if GetProcAddress() fails.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
According to MSDN, the stricmp and strnicmp functions are deprecated
since MSVC 2005 and _stricmp/_strnicmp should be used instead.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
For some reason, the build fails when using GCC 4.7 due to the implicit
-finline-functions option passed to the compiler when -O3 is enabled,
which does not happen in newer versions of GCC, probably due to some of
the "General Optimizer Improvements" included in 4.8 (see [1]).
Fortunately, we don't need to disable -finline-functions completely but
just do it for "small functions", which is what this patch does.
[1] https://gcc.gnu.org/gcc-4.8/changes.html
Closes: https://sourceforge.net/p/flac/bugs/429/
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
The assert that was removed in bc5113007a was a result of error
handling in read_metadata_vorbiscomment_() which set obj->num_comments
to zero, without freeing obj->comments and setting it to NULL.
This commit also restores the assert that was removed.
This assert was firing when the build was configured with --enable-debug
and the flac executable was then run under American Fuzzy Lop. Removing
the assert did not cause any other problems, even under AFL.
The x32 architecture uses an ILP32 (32 bit ints, longs and pointers)
on an x86_64 CPU. Since the CPU is x86_64 we need to set FLAC__CPU_X86_64
even though the pointer size is 32 bits.
Patch-from: Stuart Shelton
Closes: https://sourceforge.net/p/flac/bugs/427/
* Correct definition of FLAC__HAS_X86INTRIN in config.h file.
* Correct comparison of sse_os with 'true' instead of 'yes'.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
An output file was being set to read only and hence could not be
overwritten by a later test. Not sure why this only affected the
'make distcheck' target.
A malformed file (generated by AFL) had a 'samples_left_to_process' value
of greater than the actual number of samples. When re-encoding the decoder
would get to the end of the file and then continuously return a decode
status of FLAC__STREAM_DECODER_END_OF_STREAM, causing an infinite loop.
Solution is to break out of the loop on two consecutive end-of-stream
events.
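The hang and the fix described above, as an added example that is not the flac tool's own decode loop: `fake_process_single()` is a constructed stand-in for the decoder (its states only borrow the FLAC names), which keeps reporting END_OF_STREAM on every call once the real data is exhausted. `reencode_loop()` drives it with a `samples_left_to_process` count taken from a (constructed) malformed header that claims more samples than the file holds, with and without the "two consecutive end-of-stream events" exit; the iteration cap exists only so the unfixed loop can be observed terminating.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a stream decoder. */
typedef enum { DEC_OK, DEC_END_OF_STREAM } dec_state_t;

typedef struct {
    uint64_t frames_in_file;   /* what the container actually holds */
    uint64_t frames_decoded;
    unsigned block_size;       /* samples per frame */
} fake_decoder_t;

/* Decode one frame. Once the data is exhausted the state is END_OF_STREAM
 * on every subsequent call, and the call still "succeeds", which is what
 * lets a loop keyed only on samples_left spin forever. */
static int fake_process_single(fake_decoder_t *d, dec_state_t *state, unsigned *samples_out)
{
    if (d->frames_decoded >= d->frames_in_file) {
        *state = DEC_END_OF_STREAM;
        *samples_out = 0;
        return 1;
    }
    d->frames_decoded++;
    *state = DEC_OK;
    *samples_out = d->block_size;
    return 1;
}

/* Re-encode driver. `claimed_samples` comes from the (possibly lying)
 * header; `frames_in_file` is what is really there. Returns the number of
 * samples decoded, or UINT64_MAX if the loop had to be cut off after
 * `max_iterations` (i.e. it would have hung). */
uint64_t reencode_loop(uint64_t claimed_samples, uint64_t frames_in_file,
                       unsigned block_size, int break_on_double_eos,
                       uint64_t max_iterations)
{
    fake_decoder_t d = { frames_in_file, 0, block_size };
    uint64_t samples_left = claimed_samples, decoded = 0, iters = 0;
    int consecutive_eos = 0;
    dec_state_t state;
    unsigned got;

    while (samples_left > 0) {
        if (++iters > max_iterations)
            return UINT64_MAX;                 /* the infinite loop, made visible */
        if (!fake_process_single(&d, &state, &got))
            break;                             /* hard decode error */
        if (state == DEC_END_OF_STREAM) {
            /* Fix from the message above: two EOS events in a row means the
             * header's sample count was wrong; stop instead of retrying. */
            if (break_on_double_eos && ++consecutive_eos >= 2)
                break;
            continue;
        }
        consecutive_eos = 0;
        decoded += got;
        samples_left -= (got < samples_left) ? got : samples_left;
    }
    return decoded;
}

int main(void)
{
    /* Constructed case: header claims 100 frames, file holds 10. */
    printf("unfixed: %llu\n", (unsigned long long)reencode_loop(100 * 4096, 10, 4096, 0, 1000));
    printf("fixed:   %llu\n", (unsigned long long)reencode_loop(100 * 4096, 10, 4096, 1, 1000));
    return 0;
}
```

The same shape of bug shows up in any loop whose exit condition trusts a length field from the input rather than the decoder's own state; a fuzzer finds it quickly because a hang is as visible to AFL's timeout detection as a crash.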
To avoid crash caused by an unbound LPC decoding when predictor order is
larger than blocksize, the sanity check needs to be moved to the subframe
decoding functions.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Restrict number of seek points to 32768 total and a maximum of two per
second.
Ten hours of content is 36000 seconds which gives about one seek point
for every second for those ten hours. Also, having more than two seek
points per second makes little sense regardless of content length.
Without these restrictions flac-to-flac encoding of a malformed input
file (e.g. something generated with http://lcamtuf.coredump.cx/afl/)
can result in an attempt to generate a stupidly large number of seek
points and cause an allocation failure.
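The seek-point limits from the message above, as an added example (my code, not the flac encoder's own seek-table logic): `clamp_seekpoint_count()` applies the 32768 total and two-per-second caps, rounding the duration up to whole seconds so a sub-second file still gets its two points (an assumption of this example), and `build_seek_table()` shows why that matters for allocation, since the table size is now bounded no matter what sample count a malformed header claims. The `seekpoint_t` layout is a simplified stand-in.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_SEEKPOINTS_TOTAL      32768u
#define MAX_SEEKPOINTS_PER_SECOND 2u

typedef struct { uint64_t sample_number; } seekpoint_t;   /* simplified */

/* Reduce a requested seek-point count to at most 32768 in total and at
 * most two per second of audio. Seconds are rounded up (assumption), and
 * the division is written to avoid overflow on huge total_samples. */
uint32_t clamp_seekpoint_count(uint64_t requested, uint64_t total_samples, uint32_t sample_rate)
{
    uint64_t seconds, per_second_cap, n = requested;
    if (sample_rate == 0)
        return 0;
    seconds = total_samples / sample_rate + (total_samples % sample_rate != 0);
    per_second_cap = seconds * MAX_SEEKPOINTS_PER_SECOND;   /* <= 2^33, fits */
    if (n > MAX_SEEKPOINTS_TOTAL) n = MAX_SEEKPOINTS_TOTAL;
    if (n > per_second_cap)      n = per_second_cap;
    return (uint32_t)n;
}

/* Build evenly spaced seek points. Because n <= 32768 the malloc() size is
 * bounded, so a header claiming billions of samples can no longer drive an
 * enormous allocation. Returns NULL with *count_out == 0 if nothing to do
 * or on allocation failure. */
seekpoint_t *build_seek_table(uint64_t requested, uint64_t total_samples,
                              uint32_t sample_rate, uint32_t *count_out)
{
    uint32_t n = clamp_seekpoint_count(requested, total_samples, sample_rate), i;
    seekpoint_t *table;
    *count_out = 0;
    if (n == 0)
        return NULL;
    table = malloc((size_t)n * sizeof *table);
    if (table == NULL)
        return NULL;
    for (i = 0; i < n; i++)
        table[i].sample_number = (total_samples / n) * i;   /* never exceeds total */
    *count_out = n;
    return table;
}

int main(void)
{
    uint32_t count;
    /* Constructed inputs: ten hours at 44.1 kHz with an absurd request. */
    seekpoint_t *t = build_seek_table(1000000000ULL, 36000ULL * 44100, 44100, &count);
    printf("ten hours, requested 1e9 -> %u seek points\n", count);
    free(t);
    printf("one minute, requested 1000 -> %u\n", clamp_seekpoint_count(1000, 60ULL * 44100, 44100));
    printf("0.4 s, requested 10 -> %u\n", clamp_seekpoint_count(10, 17640, 44100));
    return 0;
}
```

The clamp is the mitigation for the allocation-failure class of bug: any count derived from untrusted header fields should be bounded by something the program itself knows to be sane before it becomes a malloc() argument.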