[flac-dev] Two new CVEs against FLAC
Miroslav Lichvar
mlichvar at redhat.com
Wed Nov 26 05:01:51 PST 2014
On Tue, Nov 25, 2014 at 11:40:37AM -0800, Erik de Castro Lopo wrote:
> Miroslav Lichvar wrote:
> > I think the case with non-zero partition order may need to be fixed
> > too. For example, with partition order of 1, predictor order of 16 and
> > blocksize of 4, the function would return true and blocksize-order in
> > the caller would still underflow.
> >
> > --- a/src/libFLAC/stream_decoder.c
> > +++ b/src/libFLAC/stream_decoder.c
> > @@ -2744,7 +2744,7 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
> > if(partition_samples < predictor_order) {
> > send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
> > decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
> > - return true;
> > + return false;
> > }
> > }
> >
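Review bot: returning true after send_error_to_client_() has already reported FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC and the state has been set to FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC lets read_residual_partitioned_rice_'s caller treat the partition as successfully read and go on to compute blocksize minus predictor order, which is the underflow described above for partition order 1, predictor order 16 and blocksize 4; returning false here, as the hunk does, makes the return value agree with the error state already placed on the decoder. Since the branch is only reachable with a crafted stream, the file produced with the patched frame encoder mentioned in the reply should go in as a regression test so the partition_samples < predictor_order path stays covered.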
> > Thoughts?
>
> That may well be true. Is it possible to generate a file that actually
> triggers this?
Yes, I have created one by patching the frame encoder. I'll send it to
you privately.
--
Miroslav Lichvar