Commit 5a365996 authored by Erik de Castro Lopo's avatar Erik de Castro Lopo
Browse files

src/libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.

This fix is closely related to the fix for CVE-2014-9028. When that
fix went public Miroslav Lichvar noticed a similar potential problem
spot in the same function and was able to craft a file to trigger a
heap write overflow.

Reported-by : Miroslav Lichvar <mlichvar@redhat.com>
parent 71b5c028
......@@ -2744,7 +2744,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
if(partition_samples < predictor_order) {
send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
return true;
/* We have received a potentially malicious bit stream. All we can do is error out to avoid a heap overflow. */
return false;
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment