Commit 9949ce15 authored by Max Kellermann's avatar Max Kellermann Committed by Erik de Castro Lopo

stream_decoder: fix integer underflow due to malformed wasted_bits

It is pretty easy for a malformed FLAC file to underflow the "bps"
variable.  In the debug build, this results in an assertion failure in
FLAC__bitreader_read_raw_uint32():

    FLAC__ASSERT(bits <= 32);

In non-debug builds, this simply makes
FLAC__bitreader_read_raw_uint32() fail because
bitreader_read_from_client_() doesn't find enough buffer space for
2**32-1 bits.  But since the failing FLAC_ASSERT() is reasonable, this
should be caught in the FLAC__bitreader_read_raw_uint32() caller.
Signed-off-by: Erik de Castro Lopo's avatarErik de Castro Lopo <erikd@mega-nerd.com>
Closes: https://github.com/xiph/flac/pull/13
parent 0a49fe77
......@@ -2481,6 +2481,8 @@ FLAC__bool read_subframe_(FLAC__StreamDecoder *decoder, unsigned channel, unsign
if(!FLAC__bitreader_read_unary_unsigned(decoder->private_->input, &u))
return false; /* read_callback_ sets the state for us */
decoder->private_->frame.subframes[channel].wasted_bits = u+1;
if (decoder->private_->frame.subframes[channel].wasted_bits >= bps)
return false;
bps -= decoder->private_->frame.subframes[channel].wasted_bits;
}
else
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment