[flac-dev] free() invalid pointer
Martijn van Beurden
mvanb1 at gmail.com
Thu Nov 13 12:10:03 PST 2014
On 13-11-14 at 17:45, lvqcl wrote:
> FLAC__window_partial_tukey():
>
> Np = (FLAC__int32)(p / 2.0f * N) - 1;
>
> and Np can be equal to -1. So later in the code
>
> for (; n < (end_n-Np); n++)
>     window[n] = 1.0f;
>
> libFLAC writes outside of window[] memory.
That does the trick indeed. I still wonder how it is possible
that this didn't trigger anything on x86_64? Now that I've taken
a better look, there are a few other problems with that code
actually. Here's a patch to fix the issue.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Add-more-checks-to-partial_tukey-and-punchout_tukey-.patch
Type: text/x-patch
Size: 0 bytes
Desc: not available
Url : http://lists.xiph.org/pipermail/flac-dev/attachments/20141113/2a8f3df2/attachment.bin
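The index arithmetic lvqcl quotes can be checked in isolation. The block below is an added example, not libFLAC code and not the attached patch: it reproduces the `Np` computation and the loop bounds from the quoted lines in a simplified, hypothetical layout that records which loop wrote each slot instead of computing window coefficients (so no libm is needed). `unguarded_overrun()` only computes how far the quoted flat-top loop bound `end_n - Np` would reach past the window; it performs no out-of-bounds write. The guarded fill clamps `Np` to zero and stops every loop at `L`. The sample block size and taper parameters are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not libFLAC code. Slots record which loop wrote them. */
#define MAX_LEN 64

enum region { UNSET = 0, ZERO = 1, RISE = 2, FLAT = 3, FALL = 4 };

typedef struct { int start_n, end_n, N, Np; } tukey_idx;

/* Same arithmetic as the quoted line: Np = (FLAC__int32)(p / 2.0f * N) - 1.
   Np becomes -1 whenever p * N < 2, i.e. a short block with a narrow taper. */
static tukey_idx tukey_indices(int L, float p, float start, float end)
{
    tukey_idx t;
    t.start_n = (int)(start * L);
    t.end_n   = (int)(end * L);
    t.N       = t.end_n - t.start_n;
    t.Np      = (int)(p / 2.0f * t.N) - 1;
    return t;
}

static int np_for(int L, float p, float start, float end)
{
    return tukey_indices(L, p, start, end).Np;
}

/* Number of elements the quoted loop `for (; n < (end_n-Np); n++)` would
   touch beyond window[L-1]. Computed only; nothing is written here. */
static int unguarded_overrun(int L, float p, float start, float end)
{
    tukey_idx t = tukey_indices(L, p, start, end);
    int bound = t.end_n - t.Np;          /* end_n + 1 when Np == -1 */
    return bound > L ? bound - L : 0;
}

/* Guarded fill: Np is clamped to >= 0 and every loop also stops at L.
   With Np == 0 the taper loops run zero times and the whole
   [start_n, end_n) range is flat. Returns the number of slots written. */
static int fill_regions_guarded(unsigned char *region, int L,
                                float p, float start, float end)
{
    tukey_idx t = tukey_indices(L, p, start, end);
    int Np = t.Np < 0 ? 0 : t.Np;
    int n = 0;
    for (; n < t.start_n && n < L; n++)      region[n] = ZERO;
    for (; n < t.start_n + Np && n < L; n++) region[n] = RISE;
    for (; n < t.end_n - Np && n < L; n++)   region[n] = FLAT;
    for (; n < t.end_n && n < L; n++)        region[n] = FALL;
    for (; n < L; n++)                       region[n] = ZERO;
    return n;
}

/* Check helper: which loop wrote slot idx under the guarded fill. */
static int guarded_region_at(int L, float p, float start, float end, int idx)
{
    unsigned char region[MAX_LEN];
    memset(region, UNSET, sizeof region);
    fill_regions_guarded(region, L, p, start, end);
    return (idx >= 0 && idx < L) ? region[idx] : UNSET;
}

int main(void)
{
    /* Constructed input: 16-sample block, 10 % taper over the last quarter.
       N = 4, so p / 2 * N = 0.2 truncates to 0 and Np = -1. */
    unsigned char region[MAX_LEN];
    int L = 16;
    float p = 0.1f, s = 0.75f, e = 1.0f;
    printf("Np = %d, unguarded loop would overrun by %d element(s)\n",
           np_for(L, p, s, e), unguarded_overrun(L, p, s, e));
    printf("guarded fill wrote %d of %d slots\n",
           fill_regions_guarded(region, L, p, s, e), L);
    return 0;
}
```

The interesting case is `end_n == L`: with `Np == -1` the unguarded flat-top bound is `L + 1`, so the last iteration writes one float past the end of `window[]`, which is exactly the invalid-pointer report from `free()` once the heap metadata behind the buffer is corrupted. Whether that corruption is ever noticed depends on allocator layout and padding, which is one reason it can stay silent on one platform and crash on another.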