[flac-dev] Two new CVEs against FLAC
Miroslav Lichvar
mlichvar at redhat.com
Thu Dec 11 05:34:16 PST 2014
On Thu, Dec 11, 2014 at 11:12:25AM +0100, Martijn van Beurden wrote:
> On 11-12-14 at 10:53, Martijn van Beurden wrote:
> > On 11-12-14 at 10:05, Miroslav Lichvar wrote:
> >> but I'd rather see the real seeking bug fixed instead
> >
> > I think I might have a fix [...]
So the problem is that FLAC__stream_decoder_process_single returns
an error before it finds a valid frame?
> Another solution might be to 'just try again' somewhere else
> when seeking fails, but maybe there are good reasons not to do
> so? The decoder might get stuck in a loop?
I think that would be a reasonable solution.
In one iteration of the root-finding algorithm, don't give up when
decoding fails, but also try a limited number of different positions
(say 10) dividing the interval between the lower and upper bound
evenly. Does that make sense?
--
Miroslav Lichvar
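
The retry strategy proposed in the message above, as an added example that is not part of the original message and is not libFLAC code. It assumes a constructed stream model (fixed-size frames, a damaged region) and the hypothetical helpers `probe`, `probe_interval` and `seek_to_sample`, and it uses plain bisection in place of the decoder's actual root-finding. The retry count and iteration count are both bounded, so a failed seek returns an error instead of looping.

```c
#include <stdio.h>
/* Constructed model, not libFLAC: 64 frames of 100 bytes / 1000 samples
 * each; frames 30..33 are damaged and never decode. */
#define FRAME_BYTES 100L
#define FRAME_SAMPLES 1000L
#define NUM_FRAMES 64L
#define MAX_ITERATIONS 64 /* hard bound so the search cannot loop forever */

/* Hypothetical stand-in for decoding the frame at byte offset pos.
 * Returns 1 and the frame's first sample, or 0 on a decode error. */
static int probe(long pos, long *first_sample) {
    long frame = pos / FRAME_BYTES;
    if (frame >= 30 && frame <= 33) return 0;
    *first_sample = frame * FRAME_SAMPLES;
    return 1;
}

/* Probe the midpoint of [lo, hi); if that fails, try `retries` further
 * positions dividing the interval evenly. Returns 1 and *pos on success. */
static int probe_interval(long lo, long hi, int retries, long *pos, long *first) {
    *pos = lo + (hi - lo) / 2;
    if (probe(*pos, first)) return 1;
    for (int i = 1; i <= retries; i++) {
        *pos = lo + (hi - lo) * i / (retries + 1);
        if (probe(*pos, first)) return 1;
    }
    return 0;
}

/* Bisection seek. Returns the byte offset of the frame holding `target`,
 * or -1 when every probe in one iteration fails or the bound is hit. */
long seek_to_sample(long target, int retries) {
    long lo = 0, hi = NUM_FRAMES * FRAME_BYTES;
    for (int it = 0; it < MAX_ITERATIONS && lo < hi; it++) {
        long pos, first, start;
        if (!probe_interval(lo, hi, retries, &pos, &first)) return -1;
        start = pos / FRAME_BYTES * FRAME_BYTES;
        if (target < first) hi = start;
        else if (target >= first + FRAME_SAMPLES) lo = start + FRAME_BYTES;
        else return start;
    }
    return -1;
}

int main(void) {
    printf("no retries: %ld\n", seek_to_sample(45500, 0));
    printf("10 retries: %ld\n", seek_to_sample(45500, 10));
    return 0;
}
```

With no retries the first midpoint lands in the damaged region and the seek fails outright; with 10 retries the same target is found, while a target inside the damaged frames still ends in a bounded failure.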