  1. 21 Dec, 2016 3 commits
  2. 11 Dec, 2016 3 commits
  3. 06 Dec, 2016 5 commits
  4. 05 Dec, 2016 2 commits
  5. 04 Dec, 2016 7 commits
  6. 02 Dec, 2016 1 commit
  7. 27 Oct, 2016 1 commit
  8. 04 Oct, 2016 4 commits
  9. 12 Sep, 2016 1 commit
  10. 11 Sep, 2016 1 commit
  11. 08 Sep, 2016 1 commit
  12. 14 Jul, 2016 2 commits
    •
      stream_decoder: reset has_seek_table before read_metadata_seektable_() · a52177b0
      Max Kellermann authored
      If a seek table has already been read successfully, then the
      has_seek_table flag is true.  Now imagine the file comes with another
      seek table, which doesn't make sense, but libFLAC accepts it happily.
      If reading this second seek table fails (for example allocation
      failure), read_metadata_seektable_() returns false, but the
      has_seek_table flag is still true.  If the calling application happens
      to ignore this failure, and at some point tries to seek, the process
      will crash due to NULL pointer dereference.  This would sure be an
      application bug that needs to be fixed, but libFLAC's internal state
      is inconsistent, so let's fix this up.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
    •
      stream_decoder: fix memory leak after seek table read error · f7491f97
      Max Kellermann authored
      When read_metadata_seektable_() fails, the has_seek_table flag is
      never set to true, and thus free() is never called.
      Example valgrind output:
       11,185,464 bytes in 1 blocks are definitely lost in loss record 62 of 62
          at 0x4C2BC0F: malloc (vg_replace_malloc.c:299)
          by 0x4C2DE6F: realloc (vg_replace_malloc.c:785)
          by 0x40A7880: safe_realloc_ (alloc.h:159)
          by 0x40A7911: safe_realloc_mul_2op_ (alloc.h:205)
          by 0x40AB6B5: read_metadata_seektable_ (stream_decoder.c:1654)
          by 0x40AAB2D: read_metadata_ (stream_decoder.c:1422)
          by 0x40A9C79: FLAC__stream_decoder_process_until_end_of_metadata (stream_decoder.c:1055)
      It is easy to craft a FLAC file which leaks megabytes of memory on
      every attempt to open the file.
      This patch fixes the problem by removing checks which are unnecessary
      (and harmful).  Checking the has_seek_table flag is not enough, as
      described above.  The NULL check is not harmful, but is not helpful
      either, because free(NULL) is documented to be legal.
      After running this code block, we're in a well-known safe state, no
      matter how inconsistent pointer and flag may have been before, for
      whatever reasons.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
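The two commits above describe one invariant: the has_seek_table flag must never be true while the seek-table pointer is unusable, and cleanup must not depend on that flag. The following is an added, self-constructed C model of the situation, not libFLAC's code: decoder_state, seektable_block, grow_points (which mimics the described safe_realloc_ behaviour of freeing the old block on failure), read_seektable_*, finish_* and the live_allocs counter are all hypothetical stand-ins chosen to reproduce the leak after a read error and the stale flag after a failed duplicate table, side by side with the fixed handling.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for the decoder's private state (not libFLAC's struct). */
typedef struct {
    unsigned *seek_points;  /* seek table allocation, NULL when absent */
    size_t num_points;
    int has_seek_table;     /* "a valid seek table has been read" */
} decoder_state;

/* Allocation counter so a test can detect a leaked seek table. */
static size_t live_allocs = 0;

/* Simulated SEEKTABLE block with knobs for the two failure modes (constructed). */
typedef struct {
    size_t num_points;
    int fail_alloc;   /* force the (re)allocation to fail */
    int fail_read;    /* force the point read to fail after allocation succeeded */
} seektable_block;

/* Mimics the described safe_realloc_ contract: on failure the old block is
 * freed and NULL returned, so the caller is left with NULL, not a dangling pointer. */
static unsigned *grow_points(unsigned *old, size_t n, int fail) {
    unsigned *p = fail ? NULL : realloc(old, n * sizeof *p);
    if (p == NULL) {
        if (old) { live_allocs--; free(old); }
        return NULL;
    }
    if (old == NULL) live_allocs++;
    return p;
}

/* Shared body: allocate, "read" the points, set the flag only on full success. */
static int read_seektable_(decoder_state *d, const seektable_block *blk) {
    d->seek_points = grow_points(d->seek_points, blk->num_points, blk->fail_alloc);
    if (d->seek_points == NULL) return 0;
    d->num_points = blk->num_points;
    for (size_t i = 0; i < blk->num_points; i++) {
        if (blk->fail_read) return 0;            /* I/O failure mid-table */
        d->seek_points[i] = (unsigned)i * 4096;  /* constructed sample offsets */
    }
    d->has_seek_table = 1;
    return 1;
}

/* Pre-fix shape: flag not cleared before reading, cleanup gated on flag && pointer. */
static int read_seektable_buggy(decoder_state *d, const seektable_block *blk) {
    return read_seektable_(d, blk);
}
static void finish_buggy(decoder_state *d) {
    if (d->has_seek_table && d->seek_points != NULL) {
        live_allocs--; free(d->seek_points);
        d->seek_points = NULL; d->has_seek_table = 0;
    }
}

/* Post-fix shape: reset the flag first, release unconditionally (free(NULL) is legal). */
static int read_seektable_fixed(decoder_state *d, const seektable_block *blk) {
    d->has_seek_table = 0;
    return read_seektable_(d, blk);
}
static void finish_fixed(decoder_state *d) {
    if (d->seek_points != NULL) live_allocs--;
    free(d->seek_points);
    d->seek_points = NULL;
    d->has_seek_table = 0;
}

/* The invariant a seek relies on: flag set implies the table is present. */
static int state_consistent(const decoder_state *d) {
    return !d->has_seek_table || d->seek_points != NULL;
}

/* Scenario 1: the point read fails after allocation. Returns live allocations
 * after cleanup (0 means nothing leaked). */
static size_t leak_after_read_error(int use_fix) {
    decoder_state d = {0};
    seektable_block blk = { 8, 0, 1 };
    live_allocs = 0;
    if (use_fix) { read_seektable_fixed(&d, &blk); finish_fixed(&d); }
    else         { read_seektable_buggy(&d, &blk); finish_buggy(&d); }
    return live_allocs;
}

/* Scenario 2: a valid table, then a duplicate whose allocation fails.
 * Returns 1 if flag and pointer are still consistent afterwards. */
static int consistent_after_second_table(int use_fix) {
    decoder_state d = {0};
    seektable_block good = { 8, 0, 0 }, bad = { 16, 1, 0 };
    int ok;
    live_allocs = 0;
    if (use_fix) { read_seektable_fixed(&d, &good); read_seektable_fixed(&d, &bad); }
    else         { read_seektable_buggy(&d, &good); read_seektable_buggy(&d, &bad); }
    ok = state_consistent(&d);
    finish_fixed(&d);
    return ok;
}

int main(void) {
    printf("buggy: live allocs after read error = %zu\n", leak_after_read_error(0));
    printf("fixed: live allocs after read error = %zu\n", leak_after_read_error(1));
    printf("buggy: consistent after duplicate table = %d\n", consistent_after_second_table(0));
    printf("fixed: consistent after duplicate table = %d\n", consistent_after_second_table(1));
    return 0;
}
```

The buggy finish leaks one table per failed open, which is what the valgrind record above shows at scale, and the buggy read leaves has_seek_table set with a NULL pointer, the exact precondition for the seek-time crash. Clearing the flag before reading and freeing unconditionally makes the end state correct regardless of how the read went.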
  13. 13 Jul, 2016 2 commits
  14. 10 Jul, 2016 2 commits
  15. 09 Jul, 2016 3 commits
    •
      stream_decoder: fix integer underflow due to malformed wasted_bits · 9949ce15
      Max Kellermann authored
      It is pretty easy for a malformed FLAC file to underflow the "bps"
      variable.  In the debug build, this results in an assertion failure in
          FLAC__ASSERT(bits <= 32);
      In non-debug builds, this simply makes
      FLAC__bitreader_read_raw_uint32() fail because
      bitreader_read_from_client_() doesn't find enough buffer space for
      2**32-1 bits.  But since the failing FLAC_ASSERT() is reasonable, this
      should be caught in the FLAC__bitreader_read_raw_uint32() caller.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
      Closes: https://github.com/xiph/flac/pull/13
    •
      stream_decoder: check state==ABORTED after process_single() for seek · 0a49fe77
      Max Kellermann authored
      FLAC__stream_decoder_process_single() ignores frame_sync_() errors,
      which means the caller cannot rely solely on the boolean return value,
      it is also required to check the new "state".
      After FLAC__stream_decoder_process_until_end_of_metadata(),
      state==SEARCH_FOR_FRAME_SYNC and
      last_frame.header.number_type==FRAME_NUMBER.  When an application
      seeks at this time, but an I/O error occurs, then
      FLAC__stream_decoder_process_single() returns true, but no frame has
      been read yet, i.e. last_frame.header.number_type is still
      FRAME_NUMBER.  This triggers the assertion in
       FLAC__ASSERT(decoder->private_->last_frame.header.number_type == FLAC__FRAME_NUMBER_TYPE_SAMPLE_NUMBER);
      So what needs to be done is check for state==ABORTED after the
      FLAC__stream_decoder_process_single() call.
      This bug can be triggered remotely with the Music Player Daemon
      ), and crashes the process.
      Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
      Closes: https://github.com/xiph/flac/pull/12
    •
      flac++.pc.in: Make flac a private requires · 82797787
      Erik de Castro Lopo authored
      Patch pulled from Debian package.
      Chain::Status::as_cstring uses FLAC__Metadata_ChainStatusString which
      is in libFLAC. Since the function is inline, every program calling
      this function must also link with -lflac, but this is missing in
      Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=713645
  16. 30 Jun, 2016 1 commit
  17. 28 Jun, 2016 1 commit