    stream_decoder: check state==ABORTED after process_single() for seek · 0a49fe77
    Max Kellermann authored
    FLAC__stream_decoder_process_single() ignores frame_sync_() errors,
    which means the caller cannot rely solely on the boolean return value;
    it is also required to check the new "state".
    
    After FLAC__stream_decoder_process_until_end_of_metadata(),
    state==SEARCH_FOR_FRAME_SYNC and
    last_frame.header.number_type==FRAME_NUMBER.  When an application
    seeks at this time, but an I/O error occurs, then
    FLAC__stream_decoder_process_single() returns true, but no frame has
    been read yet, i.e. last_frame.header.number_type is still
    FRAME_NUMBER.  This triggers the assertion in
    seek_to_absolute_sample_():
    
     FLAC__ASSERT(decoder->private_->last_frame.header.number_type == FLAC__FRAME_NUMBER_TYPE_SAMPLE_NUMBER);
    
    So what needs to be done is check for state==ABORTED after the
    FLAC__stream_decoder_process_single() call.
    
    This bug can be triggered remotely with the Music Player Daemon
    (https://www.musicpd.org/), and crashes the process.
    Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
    Closes: https://github.com/xiph/flac/pull/12
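The caller-side contract the commit message describes, as an added example that is not libFLAC's code and not part of the commit: a small self-contained C model of the decoder state machine. The names (dec_t, dec_process_single, dec_seek, the DEC_* states) are hypothetical stand-ins for FLAC__stream_decoder_process_single(), seek_to_absolute_sample_() and the real state enum, and the I/O error is a constructed fault flag rather than a failing read callback. It shows why "process_single() returned true" is not enough: after a frame-sync failure the state is ABORTED and the last frame header still carries a FRAME_NUMBER, which is exactly the precondition the assertion in the commit message checks.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model (not libFLAC): only the states the commit mentions. */
typedef enum {
    DEC_SEARCH_FOR_FRAME_SYNC,
    DEC_READ_FRAME,
    DEC_ABORTED
} dec_state_t;

typedef enum {
    NUMTYPE_FRAME_NUMBER,   /* value left over from the metadata phase */
    NUMTYPE_SAMPLE_NUMBER   /* set once a real frame header has been parsed */
} num_type_t;

typedef struct {
    dec_state_t state;
    num_type_t  last_frame_number_type;
    bool        io_error_pending;  /* constructed fault: the next read fails */
} dec_t;

/* State right after process_until_end_of_metadata() succeeds. */
static void dec_init_after_metadata(dec_t *d, bool io_error_pending)
{
    d->state = DEC_SEARCH_FOR_FRAME_SYNC;
    d->last_frame_number_type = NUMTYPE_FRAME_NUMBER;
    d->io_error_pending = io_error_pending;
}

/* Models frame_sync_(): a read error aborts the decoder and returns false. */
static bool dec_frame_sync(dec_t *d)
{
    if (d->io_error_pending) {
        d->io_error_pending = false;
        d->state = DEC_ABORTED;
        return false;
    }
    d->state = DEC_READ_FRAME;
    return true;
}

/* Models the contract the commit describes: a frame_sync_() failure is
 * reported to the caller as TRUE; only the state records the error. */
static bool dec_process_single(dec_t *d)
{
    for (;;) {
        switch (d->state) {
        case DEC_SEARCH_FOR_FRAME_SYNC:
            if (!dec_frame_sync(d))
                return true;   /* error swallowed: caller must inspect state */
            break;
        case DEC_READ_FRAME:
            /* A frame header was parsed, so the last frame now carries a
             * sample number and the decoder goes back to looking for sync. */
            d->last_frame_number_type = NUMTYPE_SAMPLE_NUMBER;
            d->state = DEC_SEARCH_FOR_FRAME_SYNC;
            return true;
        case DEC_ABORTED:
            return true;
        default:
            return false;
        }
    }
}

typedef enum {
    SEEK_OK,
    SEEK_IO_ERROR,      /* abort detected via state; seek fails cleanly */
    SEEK_WOULD_ASSERT   /* precondition of the original FLAC__ASSERT violated */
} seek_result_t;

/* Models the start of seek_to_absolute_sample_(): decode one frame so the
 * last frame header carries a sample number. check_state selects the
 * pre-fix (false) or post-fix (true) behaviour. */
static seek_result_t dec_seek(dec_t *d, bool check_state)
{
    if (!dec_process_single(d))
        return SEEK_IO_ERROR;
    if (check_state && d->state == DEC_ABORTED)
        return SEEK_IO_ERROR;          /* the fix: do not trust `true` alone */
    if (d->last_frame_number_type != NUMTYPE_SAMPLE_NUMBER)
        return SEEK_WOULD_ASSERT;      /* pre-fix: the assertion fires */
    return SEEK_OK;
}

/* Driver: seek on a fresh decoder whose next read fails (or not). */
static seek_result_t run_scenario(bool io_error, bool check_state)
{
    dec_t d;
    dec_init_after_metadata(&d, io_error);
    return dec_seek(&d, check_state);
}

int main(void)
{
    printf("pre-fix,  I/O error: %d\n", (int)run_scenario(true, false));
    printf("post-fix, I/O error: %d\n", (int)run_scenario(true, true));
    printf("post-fix, no error : %d\n", (int)run_scenario(false, true));
    return 0;
}
```

With the fault injected, the pre-fix path reaches the state the assertion guards against (SEEK_WOULD_ASSERT, i.e. a crash in a non-debug build is undefined), while the post-fix path turns the same I/O error into a clean seek failure; with no fault both paths succeed. Against real libFLAC the equivalent check is FLAC__stream_decoder_get_state() == FLAC__STREAM_DECODER_ABORTED after the process_single() call.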
stream_decoder.c 131 KB