[flac-dev] [PATCH] image embedding can result in flac file corruption

Erik de Castro Lopo mle+la at mega-nerd.com
Sun May 1 11:25:22 UTC 2016


lvqcl wrote:

> Currently it's possible to corrupt FLAC file with flac and metaflac tools.
> If image filesize is just slightly less than 2^24 bytes then the size of
> PICTURE metadata block will be more that this limit.
> 
> The first patch (fix1.patch) adds additional check in /share/grabbag/picture.c/read_file()
> and removes rather useless check from FLAC__metadata_object_picture_set_data().
> 
> It's enough to fix the command-line tools, but I think that it also makes
> sense to add additional checks into libFLAC library; so fix2.patch adds
> two checks of metadata block length.

Applied. Thanks.

Erik
-- 
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/


More information about the flac-dev mailing list