1. 14 Jul, 2016 1 commit
    • Max Kellermann's avatar
      stream_decoder: fix memory leak after seek table read error · f7491f97
      Max Kellermann authored
      When read_metadata_seektable_() fails, the has_seek_table flag is
      never set to true, and thus free() is never called.
      Example valgrind output:
       11,185,464 bytes in 1 blocks are definitely lost in loss record 62 of 62
          at 0x4C2BC0F: malloc (vg_replace_malloc.c:299)
          by 0x4C2DE6F: realloc (vg_replace_malloc.c:785)
          by 0x40A7880: safe_realloc_ (alloc.h:159)
          by 0x40A7911: safe_realloc_mul_2op_ (alloc.h:205)
          by 0x40AB6B5: read_metadata_seektable_ (stream_decoder.c:1654)
          by 0x40AAB2D: read_metadata_ (stream_decoder.c:1422)
          by 0x40A9C79: FLAC__stream_decoder_process_until_end_of_metadata (stream_decoder.c:1055)
      It is easy to craft a FLAC file which leaks megabytes of memory on
      every attempt to open the file.
      This patch fixes the problem by removing checks which are unnecessary
      (and harmful).  Checking the has_seek_table flag is not enough, as
      described above.  The NULL check is not harmful, but is not helpful
      either, because free(NULL) is documented to be legal.
      After running this code block, we're in a well-known safe state, no
      matter how inconsistent pointer and flag may have been before, for
      whatever reasons.
      Signed-off-by: Erik de Castro Lopo's avatarErik de Castro Lopo <erikd@mega-nerd.com>
  2. 13 Jul, 2016 2 commits
  3. 10 Jul, 2016 2 commits
  4. 09 Jul, 2016 2 commits
    • Max Kellermann's avatar
      stream_decoder: fix integer underflow due to malformed wasted_bits · 9949ce15
      Max Kellermann authored
      It is pretty easy for a malformed FLAC file to underflow the "bps"
      variable.  In the debug build, this results in an assertion failure in
          FLAC__ASSERT(bits <= 32);
      In non-debug builds, this simply makes
      FLAC__bitreader_read_raw_uint32() fail because
      bitreader_read_from_client_() doesn't find enough buffer space for
      2**32-1 bits.  But since the failing FLAC_ASSERT() is reasonable, this
      should be caught in the FLAC__bitreader_read_raw_uint32() caller.
      Signed-off-by: Erik de Castro Lopo's avatarErik de Castro Lopo <erikd@mega-nerd.com>
      Closes: https://github.com/xiph/flac/pull/13
    • Max Kellermann's avatar
      stream_decoder: check state==ABORTED after process_single() for seek · 0a49fe77
      Max Kellermann authored
      FLAC__stream_decoder_process_single() ignores frame_sync_() errors,
      which means the caller cannot rely solely on the boolean return value,
      it is also required to check the new "state".
      After FLAC__stream_decoder_process_until_end_of_metadata(),
      state==SEARCH_FOR_FRAME_SYNC and
      last_frame.header.number_type==FRAME_NUMBER.  When an application
      seeks at this time, but an I/O error occurs, then
      FLAC__stream_decoder_process_single() returns true, but no frame has
      been read yet, i.e. last_frame.header.number_type is still
      FRAME_NUMBER.  This triggers the assertion in
       FLAC__ASSERT(decoder->private_->last_frame.header.number_type == FLAC__FRAME_NUMBER_TYPE_SAMPLE_NUMBER);
      So what needs to be done is check for state==ABORTED after the
      FLAC__stream_decoder_process_single() call.
      This bug can be triggered remotely with the Music Player Daemon
      ), and crashes the process.
      Signed-off-by: Erik de Castro Lopo's avatarErik de Castro Lopo <erikd@mega-nerd.com>
      Closes: https://github.com/xiph/flac/pull/12
  5. 30 Jun, 2016 1 commit
  6. 28 Jun, 2016 9 commits
  7. 26 Jun, 2016 6 commits
  8. 25 Jun, 2016 1 commit
  9. 20 Jun, 2016 2 commits
  10. 13 Jun, 2016 1 commit
  11. 22 May, 2016 1 commit
    • Erik de Castro Lopo's avatar
      libFLAC: More metadata_iterators fixes · fdc1ccf2
      Erik de Castro Lopo authored
      The previous fixes for metadata_iterators didn't completely fix the problem.
      The behavior of chain_prepare_for_write_() must always be the same as the
      behavior of FLAC__metadata_chain_check_if_tempfile_needed(). Before this
      fix, one check was missing in FLAC__metadata_chain_check_if_tempfile_needed(),
      and also chain_prepare_for_write_() checked the sizes of the metadata blocks
      *after* making the changes to the chain, while
      FLAC__metadata_chain_check_if_tempfile_needed() does it *before* the changes.
      This patch changes FLAC__metadata_chain_check_if_tempfile_needed() so that it
      keeps some info (lbs_state, lbs_size) about estimated changes and then uses
      it to check the block sizes.
      It also simplifies FLAC__metadata_chain_check_if_tempfile_needed() a little.
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
  12. 11 May, 2016 1 commit
  13. 05 May, 2016 1 commit
    • Erik de Castro Lopo's avatar
      libFLAC: Add a workaround for a bug in MSVC2105 update2 · 94a61241
      Erik de Castro Lopo authored
      MSVC2105 update2 compiles the C code:
          abs_residual_partition_sums[partition] =
      into this:
          movq    QWORD PTR [rsi], xmm2
      while it should be:
          movd    eax, xmm2
          mov     QWORD PTR [rsi], rax
      With this patch, MSVC emits:
          movq    QWORD PTR [rsi], xmm2
          mov     DWORD PTR [rsi+4], r9d
      so the price of this workaround is 1 extra write instruction per
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
  14. 01 May, 2016 5 commits
    • Erik de Castro Lopo's avatar
      metadata_iterators.c: Limit padding size · 387992bd
      Erik de Castro Lopo authored
      Without this fix, its possible for libFLAC to create an oversized
      padding metadata block when:
      a) it merges existing padding blocks
      b) it expands padding block during metadata changes
      resulting in a corrupt FLAC file.
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
    • Erik de Castro Lopo's avatar
      Windows/MSVC: Add ENABLE_64_BIT_WORDS macro · 94ff346a
      Erik de Castro Lopo authored
      Allow setting of ENABLE_64_BIT_WORDS preprocessor variable for
      libFLAC_dynamic, libFLAC_static and test_libFLAC projects and x64
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
    • Erik de Castro Lopo's avatar
      bitwrite.c: Tweaks · f3a16f85
      Erik de Castro Lopo authored
      * Removes unused FLAC__WORD_ALL_ONES definition.
      * Add comment that unused bits of accumulator can contain garbage.
      * Turn assert inside FLAC__bitwriter_write_utf8_uint32 into runtime
        check (similar to FLAC__bitwriter_write_utf8_uint64() function).
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
    • Erik de Castro Lopo's avatar
      libFLAC: Add metadata size checks to FLAC library · 94386fde
      Erik de Castro Lopo authored
      This follows on from the previous patch.
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
    • Erik de Castro Lopo's avatar
      flac/metaflac: Limit the size of metadata blocks · 516a7ad4
      Erik de Castro Lopo authored
      Limit allow image file size to slightly less than 2^24 bytes so that
      the file size plus extra house keeping data is strictly less that
      2^24 bytes in size.
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
  15. 20 Mar, 2016 4 commits
  16. 14 Mar, 2016 1 commit