-
Erik de Castro Lopo authored
If a file says it contains a stupidly large number of vorbis comments, the stream decoder would try to allocate enough memory which would fail returning NULL and then write to that pointer anyway. The solution is to set a hard limit of 10000 vorbis comments and force num_comments to zero if the number is too large. Problem found using the afl (american fuzzy lop) fuzzer. Closes: https://sourceforge.net/p/flac/bugs/421/ Reported-by : Hanno Böck <hanno@hboeck.de>
43ba7ad0