1. 14 Jul, 2016 1 commit
    • stream_decoder: fix memory leak after seek table read error · f7491f97
      Max Kellermann authored
      When read_metadata_seektable_() fails, the has_seek_table flag is
      never set to true, and thus free() is never called.
      
      Example valgrind output:
      
       11,185,464 bytes in 1 blocks are definitely lost in loss record 62 of 62
          at 0x4C2BC0F: malloc (vg_replace_malloc.c:299)
          by 0x4C2DE6F: realloc (vg_replace_malloc.c:785)
          by 0x40A7880: safe_realloc_ (alloc.h:159)
          by 0x40A7911: safe_realloc_mul_2op_ (alloc.h:205)
          by 0x40AB6B5: read_metadata_seektable_ (stream_decoder.c:1654)
          by 0x40AAB2D: read_metadata_ (stream_decoder.c:1422)
          by 0x40A9C79: FLAC__stream_decoder_process_until_end_of_metadata (stream_decoder.c:1055)
      
      It is easy to craft a FLAC file which leaks megabytes of memory on
      every attempt to open the file.
      
      This patch fixes the problem by removing checks which are unnecessary
      (and harmful).  Checking the has_seek_table flag is not enough, as
      described above.  The NULL check is not harmful, but is not helpful
      either, because free(NULL) is documented to be legal.
      
      After running this code block, we're in a well-known safe state, no
      matter how inconsistent pointer and flag may have been before, for
      whatever reasons.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
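As an added illustration of the cleanup pattern this commit describes (a constructed example, not libFLAC code; the struct, function and counter names are invented for the demo): a free() gated on a "has_seek_table" flag leaks the seek-table buffer whenever the reader fails after allocating, while an unconditional free() leaves the state consistent because free(NULL) is legal.

```c
/* Added example (not libFLAC code): why cleanup must not be gated on a
 * "has_X" flag that is only set on the success path. All names below are
 * constructed for this demonstration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Count live heap blocks so a leak is observable without valgrind. */
static int live_blocks = 0;

static void *counted_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        live_blocks++;
    return p;
}

static void counted_free(void *p)
{
    if (p != NULL)          /* free(NULL) is a no-op; mirror that here */
        live_blocks--;
    free(p);
}

/* Minimal stand-in for the decoder's private seek-table state. */
struct seektable_state {
    uint64_t *points;       /* allocated by the reader */
    unsigned num_points;
    bool has_seek_table;    /* set true only after a *successful* read */
};

/* Stand-in for a metadata reader: allocate first, then read point data.
 * `fail_after_alloc` simulates a read error part-way through. */
static bool read_seektable(struct seektable_state *s, unsigned n, bool fail_after_alloc)
{
    s->points = counted_malloc((size_t)n * sizeof *s->points);
    if (s->points == NULL)
        return false;
    s->num_points = n;
    if (fail_after_alloc)
        return false;       /* bug pattern: buffer allocated, flag never set */
    memset(s->points, 0, (size_t)n * sizeof *s->points);
    s->has_seek_table = true;
    return true;
}

/* Cleanup as it was before the fix: free only when the flag says so. */
static void cleanup_flag_gated(struct seektable_state *s)
{
    if (s->has_seek_table && s->points != NULL) {
        counted_free(s->points);
        s->points = NULL;
    }
    s->has_seek_table = false;
}

/* Cleanup after the fix: free unconditionally. free(NULL) is legal, so the
 * state is consistent no matter how pointer and flag got out of sync. */
static void cleanup_unconditional(struct seektable_state *s)
{
    counted_free(s->points);
    s->points = NULL;
    s->num_points = 0;
    s->has_seek_table = false;
}

/* Run one open-then-cleanup cycle and return the number of heap blocks
 * still live afterwards (0 means no leak). */
static int leaked_blocks_after(bool read_fails, bool use_fixed_cleanup)
{
    struct seektable_state s = {0};
    live_blocks = 0;
    (void)read_seektable(&s, 1024, read_fails);
    if (use_fixed_cleanup)
        cleanup_unconditional(&s);
    else
        cleanup_flag_gated(&s);
    int leaked = live_blocks;
    counted_free(s.points);     /* reclaim so the demo itself stays clean */
    return leaked;
}

int main(void)
{
    printf("read error, flag-gated cleanup:    %d block(s) leaked\n", leaked_blocks_after(true, false));
    printf("read error, unconditional cleanup: %d block(s) leaked\n", leaked_blocks_after(true, true));
    printf("success,    flag-gated cleanup:    %d block(s) leaked\n", leaked_blocks_after(false, false));
    return 0;
}
```

The success path is identical under both cleanups; only the error path differs, which is exactly the case a fuzzer or a crafted file exercises repeatedly.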
  2. 13 Jul, 2016 1 commit
  3. 09 Jul, 2016 2 commits
    • stream_decoder: fix integer underflow due to malformed wasted_bits · 9949ce15
      Max Kellermann authored
      It is pretty easy for a malformed FLAC file to underflow the "bps"
      variable.  In the debug build, this results in an assertion failure in
      FLAC__bitreader_read_raw_uint32():
      
          FLAC__ASSERT(bits <= 32);
      
      In non-debug builds, this simply makes
      FLAC__bitreader_read_raw_uint32() fail because
      bitreader_read_from_client_() doesn't find enough buffer space for
      2**32-1 bits.  But since the failing FLAC_ASSERT() is reasonable, this
      should be caught in the FLAC__bitreader_read_raw_uint32() caller.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
      Closes: https://github.com/xiph/flac/pull/13
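Added example of the validation this commit calls for (constructed code, not libFLAC's; the function names and the simplified bit reader are assumptions): an unsigned subtraction of a malformed wasted-bits count from the bits-per-sample wraps to 2**32-1, and the reader then sees a request for far more than 32 bits. Rejecting the subframe before the subtraction keeps the wrapped value from ever reaching the bit reader.

```c
/* Added example (not libFLAC code): validate a per-subframe "wasted bits"
 * count before subtracting it from the bits-per-sample. Names constructed. */
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the bit reader's raw read. Like the real one it refuses
 * requests above 32 bits, but returns false instead of asserting so the
 * failure mode can be observed. */
static bool read_raw_uint32(uint32_t *out, unsigned bits)
{
    if (bits > 32)
        return false;   /* corresponds to FLAC__ASSERT(bits <= 32) */
    *out = 0;           /* a real reader would consume `bits` bits here */
    return true;
}

/* Unchecked computation: wasted_bits >= bps wraps around. */
static uint32_t effective_bps_unchecked(uint32_t bps, uint32_t wasted_bits)
{
    return bps - wasted_bits;   /* 16 - 17 == 4294967295 */
}

/* Checked computation: at least one real bit per sample must remain.
 * Returns false on malformed input so the caller can reject the frame. */
static bool effective_bps_checked(uint32_t bps, uint32_t wasted_bits, uint32_t *out)
{
    if (wasted_bits >= bps)
        return false;
    *out = bps - wasted_bits;
    return true;
}

/* Decode one sample with the checked path; true only if both the
 * validation and the raw read succeeded. */
static bool decode_sample_with_check(uint32_t bps, uint32_t wasted_bits)
{
    uint32_t eff, sample;
    if (!effective_bps_checked(bps, wasted_bits, &eff))
        return false;
    return read_raw_uint32(&sample, eff);
}

/* Decode one sample with the unchecked path; shows where the original
 * failure surfaced (in the bit reader, not at the subtraction). */
static bool decode_sample_unchecked(uint32_t bps, uint32_t wasted_bits)
{
    uint32_t sample;
    return read_raw_uint32(&sample, effective_bps_unchecked(bps, wasted_bits));
}

int main(void)
{
    printf("unchecked 16 - 17 = %" PRIu32 "\n", effective_bps_unchecked(16, 17));
    printf("unchecked bps=16 wasted=17: %s\n", decode_sample_unchecked(16, 17) ? "ok" : "reader failed");
    printf("checked   bps=16 wasted=17: %s\n", decode_sample_with_check(16, 17) ? "ok" : "rejected");
    printf("checked   bps=16 wasted=1:  %s\n", decode_sample_with_check(16, 1) ? "ok" : "rejected");
    return 0;
}
```

The difference between the two paths is where the error is caught: the unchecked path only fails deep inside the reader (or trips an assertion in a debug build), while the checked path reports a corrupt subframe at the point where the invariant is actually violated.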
    • stream_decoder: check state==ABORTED after process_single() for seek · 0a49fe77
      Max Kellermann authored
      FLAC__stream_decoder_process_single() ignores frame_sync_() errors,
      which means the caller cannot rely solely on the boolean return value;
      it is also required to check the new "state".
      
      After FLAC__stream_decoder_process_until_end_of_metadata(),
      state==SEARCH_FOR_FRAME_SYNC and
      last_frame.header.number_type==FRAME_NUMBER.  When an application
      seeks at this time, but an I/O error occurs, then
      FLAC__stream_decoder_process_single() returns true, but no frame has
      been read yet, i.e. last_frame.header.number_type is still
      FRAME_NUMBER.  This triggers the assertion in
      seek_to_absolute_sample_():
      
       FLAC__ASSERT(decoder->private_->last_frame.header.number_type == FLAC__FRAME_NUMBER_TYPE_SAMPLE_NUMBER);
      
      So what needs to be done is check for state==ABORTED after the
      FLAC__stream_decoder_process_single() call.
      
      This bug can be triggered remotely with the Music Player Daemon
      (https://www.musicpd.org/), and crashes the process.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
      Closes: https://github.com/xiph/flac/pull/12
  4. 20 Jun, 2016 1 commit
  5. 20 Mar, 2016 4 commits
  6. 08 Feb, 2016 1 commit
  7. 24 Aug, 2015 1 commit
  8. 22 Aug, 2015 1 commit
    • libFLAC/stream_decoder: Fix double free · 684fb3d5
      Erik de Castro Lopo authored
      The american-fuzzy-lop fuzzer found a couple of instances of double
      free() resulting from commit 15a90626.
      
      The problematic free() calls were the ones associated with use of the
      safe_realloc_mul_2op_() function, which can call realloc(ptr,0), which
      according to the realloc manpage is already an implicit free().
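Added example of the hazard this commit fixes and of a wrapper that avoids it (constructed code, not libFLAC's safe_realloc_* functions; the names are assumptions): when a size-0 realloc frees the block, the owner's pointer dangles and the owner's normal cleanup free() becomes a double free. Making the size-0 case an explicit free that also nulls the caller's pointer keeps the pointer either valid or NULL, so the later free() is always safe.

```c
/* Added example (not libFLAC code): a realloc-style wrapper whose size-0
 * path is an explicit free that nulls the owner's pointer. Names constructed. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Overflow check for count*size; on success stores the product in *out. */
static bool mul_overflows(size_t a, size_t b, size_t *out)
{
    if (a != 0 && b > SIZE_MAX / a)
        return true;
    *out = a * b;
    return false;
}

/* Resize *pp to count*size bytes.
 * - product overflows: *pp untouched, return false.
 * - product is 0:      free the block explicitly, *pp = NULL, return true.
 * - otherwise:         resize; on failure *pp untouched (old block still
 *                      valid and still owned by the caller), return false.
 * Invariant: *pp is always either a valid block or NULL, never dangling,
 * so the owner's later free(*pp) cannot double free. */
static bool safe_realloc_mul(void **pp, size_t count, size_t size)
{
    size_t bytes;
    if (mul_overflows(count, size, &bytes))
        return false;
    if (bytes == 0) {
        free(*pp);          /* explicit: never rely on realloc(ptr, 0) */
        *pp = NULL;
        return true;
    }
    void *np = realloc(*pp, bytes);
    if (np == NULL)
        return false;
    *pp = np;
    return true;
}

/* Scenario from the commit: an owner shrinks its buffer to zero entries and
 * then runs its normal cleanup. Returns true if cleanup frees NULL (safe)
 * rather than a stale pointer. */
static bool shrink_to_zero_then_cleanup(void)
{
    void *buf = malloc(64);
    if (buf == NULL)
        return false;
    if (!safe_realloc_mul(&buf, 0, sizeof(uint32_t)))
        return false;
    bool safe = (buf == NULL);  /* a stale non-NULL here would double free below */
    free(buf);                  /* free(NULL) is a no-op */
    return safe;
}

/* An overflowing count*size must be rejected without touching the block. */
static bool overflow_is_rejected(void)
{
    void *buf = malloc(8);
    if (buf == NULL)
        return false;
    bool rejected = !safe_realloc_mul(&buf, SIZE_MAX / 2 + 1, 4);
    bool intact = (buf != NULL);
    free(buf);
    return rejected && intact;
}

int main(void)
{
    printf("shrink to zero then cleanup: %s\n", shrink_to_zero_then_cleanup() ? "safe" : "UNSAFE");
    printf("overflowing size rejected:   %s\n", overflow_is_rejected() ? "yes" : "no");
    return 0;
}
```

glibc's realloc(ptr, 0) frees the block and returns NULL, which is the behaviour the commit message refers to; the C standard leaves a zero-size realloc implementation-defined (C17) or undefined (C23), which is one more reason to never let a size of zero reach realloc at all.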
  9. 09 Aug, 2015 1 commit
  10. 08 Aug, 2015 1 commit
  11. 13 Jul, 2015 1 commit
  12. 05 Jul, 2015 2 commits
    • libFLAC: More comment validation · ff50779e
      Erik de Castro Lopo authored
      When the allocation for obj->comment fails, set obj->num_comments
      to zero.
      
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
    • libFLAC: Improve fix in bc511300 · d939b44a
      Erik de Castro Lopo authored
      The assert that was removed in bc511300, was a result of error
      handling in read_metadata_vorbiscomment_() which set obj->num_comments
      to zero, without freeing obj->comments and setting it to NULL.
      
      This commit also restores the assert that was removed.
  13. 24 Apr, 2015 1 commit
  14. 18 Feb, 2015 1 commit
  15. 21 Dec, 2014 1 commit
  16. 11 Dec, 2014 2 commits
  17. 29 Nov, 2014 1 commit
  18. 27 Nov, 2014 1 commit
  19. 26 Nov, 2014 1 commit
  20. 25 Nov, 2014 2 commits
  21. 20 Nov, 2014 1 commit
  22. 26 Sep, 2014 1 commit
  23. 20 Sep, 2014 2 commits
  24. 17 Sep, 2014 1 commit
    • Remove old/broken PPC/Altivec code. · b60f16bb
      Erik de Castro Lopo authored
      * Removes FLAC__lpc_restore_signal_asm_ppc_altivec_16*
        from lpc.h and stream_decoder.c
      * Removes PPC-specific code from cpu.c and cpu.h
      * Removes PPC stuff from libFLAC/Makefile.lite and build/*.mk
      * Removes as/gas/PPC-specific stuff from configure.ac and
        libFLAC/Makefile.am*
      * Removes libFLAC/ppc folder and removes "src/libFLAC/ppc*/Makefile"
        lines from configure.ac
      
      Patch-from: lvqcl <lvqcl.mail@gmail.com>
  25. 27 Jul, 2014 1 commit
  26. 06 Jul, 2014 1 commit
  27. 03 Jul, 2014 1 commit
  28. 27 Jun, 2014 1 commit
  29. 14 May, 2014 1 commit
  30. 09 Apr, 2014 1 commit
    • Fix clang compiler warnings. · 3f5208c3
      Erik de Castro Lopo authored
      These were mostly arising from -Wenum-conversion, where an enum of
      one type was being assigned to a variable of another.
      
      Originally reported by Lenny Maiorani <lenny@colorado.edu> on the
      flac-dev mailing list.
  31. 24 Mar, 2014 1 commit
  32. 14 Mar, 2014 1 commit