Christian Weisgerber authored Jan 09, 2015 and Erik de Castro Lopo committed Feb 19, 2015

On BSD systems, the 64-bit x86 architecture is called "amd64".

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

Miroslav Lichvar authored Dec 15, 2014 and Erik de Castro Lopo committed Feb 18, 2015

To avoid crash caused by an unbound LPC decoding when predictor order is
larger than blocksize, the sanity check needs to be moved to the subframe
decoding functions.

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

Restrict number of seek points to 32768 total and a maximum of two per
second.

Ten hours of content is 36000 seconds which gives about one seek point
for every second for those ten hours. Also, having more than two seek
point per second makes little sense regardless of content length.

Without these restrictions flac-to-flac encoding of a malformed input
file (eg something generated with http://lcamtuf.coredump.cx/afl/)
can result in an attempt to generate a stupidly large number of seek
points and cause an allocation failure.

* flac/encode.c : Validate num_tracks field of cuesheet.
* libFLAC/stream_encoder.c : Add check for a NULL pointer.
* flac/encode.c : Improve bounds checking.

Closes: https://sourceforge.net/p/flac/bugs/425/

These warning are supposed to occur for files with noise-like
characteristics and some of the tests use files containing noise.

These are needed for running some of the tests when building out
of tree.

* Pipe un-needed strerr output to /dev/null.
* Pass --silent and --no-seektable to the flac executable.
* When generating tones, use --output-name=....

NULL de-reference can really only happen on a malformed file.
Found using afl (http://lcamtuf.coredump.cx/afl/).

Patch-by: lvqcl <lvqcl.mail@gmail.com>

Karthik Periagaram authored Dec 13, 2014 and Erik de Castro Lopo committed Dec 14, 2014

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

Karthik Periagaram authored Dec 13, 2014 and Erik de Castro Lopo committed Dec 14, 2014

This commit fixes a typo in a console debug message encountered during
encoding. It also fixes a grammatical error in the same message.

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

Found using afl (http://lcamtuf.coredump.cx/afl/).

Janne Hyvärinen reported a problem with seeking as a result of the
fix for CVE-2014-9028. This is a different solution to the issue
that should not adversely affect seeking.

This version of the fix for the above CVE has been extensively fuzz
tested using afl (http://lcamtuf.coredump.cx/afl/

).

Reported-by: Janne Hyvärinen <cse@sci.fi>

Patch-from: Jan Stary <hans@stare.cz>

Patch-from: lvqcl <lvqcl.mail@gmail.com>

Martijn van Beurden authored Dec 03, 2014 and Erik de Castro Lopo committed Dec 05, 2014

The recent compression preset retuning improved upon most material
but it the few tracks that show regression are usually classical
music. This patch improves compression by improving the LPC order
guess, of which classical music benefits most.

Improvement is 0.007% on average but up to 0.1%. I haven't seen
regressions for any of my test samples.

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

The commit http://git.xiph.org/?p=flac.git;a=commit;h=e9d805dd4374
changed the that calculate autocorrelation. However, the new code
worked slightly (about 4%) slower on Core 2, but with the new
presets the speed decrease can reach ~25%.

This patch enables both old and new functions and chooses between
them at runtime.

Patch-from: lvqcl <lvqcl.mail@gmail.com>

Requested-by: lvqcl <lvqcl.mail@gmail.com>

Zoë Blade authored Dec 01, 2014 and Erik de Castro Lopo committed Dec 03, 2014

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

Suggested-by: Jan Stary <hans@stare.cz>

The '-g' was in-correctly getting zapped from all CFLAGS expressions
including eg:

    -mfloat-gprs=double (for powerpc e500) -> -mfloatprs=double.

Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

If a file says it contains a stupidly large number of vorbis comments,
the stream decoder would try to allocate enough memory which would fail
returning NULL and then write to that pointer anyway. The solution is
to set a hard limit of 10000 vorbis comments and force num_comments to
zero if the number is too large.

Problem found using the afl (american fuzzy lop) fuzzer.

Closes: https://sourceforge.net/p/flac/bugs/421/
Reported-by : Hanno Böck <hanno@hboeck.de>

This fix is closely related to the fix for CVE-2014-9028. When that
fix went public Miroslav Lichvar noticed a similar potential problem
spot in the same function and was able to craft a file to trigger a
heap write overflow.

Reported-by : Miroslav Lichvar <mlichvar@redhat.com>

Jan Stary reported that on OpenBSD bash isn't located in /bin/
which means that the test fail. He also noted that there didn't
seem to be anything bash specific in the tests.

This patch takes some suggestions from Jan, plus a few fixes tested
on Debian using the bin/sh provided by bash and dash.

Suggested-by: Jan Stary <hans@stare.cz>

This will make it easier to simply search and replace.

Martijn van Beurden authored Nov 26, 2014 and Erik de Castro Lopo committed Nov 27, 2014

This updates one rather important mention of the copyright year
(the encoding/decoding progress display) and a few in the
documentation. Furthermore, it updates the open bug list

Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>

On Mac OSX, the 'wc -c' command returns a number with leading whitespace
which then results in a syntax error when the shell parser expects a
number when it really has a string containing a number. The easy fix is
to use string interpolation.

Closes: https://sourceforge.net/p/flac/bugs/420/


Reported-by: Mark Harris <mark.hsj@gmail.com>