FLAC__stream_decoder_process_single() ignores frame_sync_() errors, which means the caller cannot rely solely on the boolean return value; it is also required to check the new "state".

After FLAC__stream_decoder_process_until_end_of_metadata(), state==SEARCH_FOR_FRAME_SYNC and last_frame.header.number_type==FRAME_NUMBER. When an application seeks at this time, but an I/O error occurs, then FLAC__stream_decoder_process_single() returns true, but no frame has been read yet, i.e. last_frame.header.number_type is still FRAME_NUMBER. This triggers the assertion in seek_to_absolute_sample_():

    FLAC__ASSERT(decoder->private_->last_frame.header.number_type == FLAC__FRAME_NUMBER_TYPE_SAMPLE_NUMBER);

So what needs to be done is check for state==ABORTED after the FLAC__stream_decoder_process_single() call.

This bug can be triggered remotely with the Music Player Daemon (https://www.musicpd.org/), and crashes the process.

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Closes: https://github.com/xiph/flac/pull/12
0a49fe77
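
The failure mode described in the commit message, as an added example that is not libFLAC code and not part of the commit: a simplified model in which the struct layout, `seek_step()`, its `check_state` flag and the return codes are all assumptions made for illustration. It shows why the boolean result alone is not enough and how the state check turns the assertion failure into a clean seek error.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not libFLAC code: names only mirror the commit message. */
enum state { SEARCH_FOR_FRAME_SYNC, READ_FRAME, ABORTED };
enum number_type { FRAME_NUMBER, SAMPLE_NUMBER };

struct decoder {
    enum state state;
    enum number_type last_number_type; /* stands in for last_frame.header.number_type */
    bool io_error;                     /* constructed: the read callback fails */
};

/* Models the described behaviour: a frame sync failure is swallowed, the
 * call still returns true, and only the state records the abort. */
static bool process_single(struct decoder *d)
{
    if (d->state == SEARCH_FOR_FRAME_SYNC) {
        if (d->io_error) {
            d->state = ABORTED;
            return true;               /* error not visible in the return value */
        }
        d->state = READ_FRAME;
    }
    d->last_number_type = SAMPLE_NUMBER; /* a frame was actually decoded */
    d->state = SEARCH_FOR_FRAME_SYNC;
    return true;
}

/* One seek iteration. Returns 0 on success, -1 when the seek fails cleanly,
 * -2 when the invariant guarded by the assertion would have been violated. */
static int seek_step(struct decoder *d, bool check_state)
{
    if (!process_single(d))
        return -1;
    if (check_state && d->state == ABORTED)
        return -1;                     /* the check the commit message calls for */
    if (d->last_number_type != SAMPLE_NUMBER)
        return -2;                     /* where the FLAC__ASSERT would fire */
    return 0;
}

int main(void)
{
    struct decoder a = { SEARCH_FOR_FRAME_SYNC, FRAME_NUMBER, true };
    struct decoder b = a;
    printf("unchecked: %d, checked: %d\n", seek_step(&a, false), seek_step(&b, true));
    return 0;
}
```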