Left shift if a negative integer such that the sign bit is affected is
(according to the C spec) undefined behaviour and the residual
calculations using the shift operator were hitting this.
Fortunately these same calculations using plain multiplication do not
invoke UB and according to benchmarking (on x86_64 linux) have the same
performance as the bit shift version.
In the case where seek_table->num_points is zero, seek_table->points
will be NULL and passing that to qsort() invokes undefined behaviour.
Since seek_table->num_points is zero, the only sensible thing to do
is to short circuit return 0.
The function FLAC__bitreader_read_raw_int32() triggered undefined behaviour
when sign extending an unsigned value. The Stanford Grahpics bithacks page
provided an alternative that avoided UB.
The new function wraps, realloc() and if the realloc() fails, it
free()s the old pointer.
This is an improvement on the potential realloc() memory leak that
was fixed in 15a9062609.
Still needs fuzzing to validate it.
The american-fuzzy-lop fuzzer found a couple of instances of double
free() resulting from commit 15a9062609.
The problematic free() were the ones associated with use of the
safe_realloc_mul_2op_() function which can call realloc(ptr,0) which
according to the realloc manpage is already an implicit free().
The function get_utf8_argv() was calling LoadLibrary to load msvcrt.dll
but wasn't calling FreeLibrary() if GetProcAddress() fails.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
The assert that was removed in bc5113007a, was a result of error
handling in read_metadata_vorbiscomment_() which set obj->num_comments
to zero, without freeing obj->comments and setting it to NULL.
This commit also restores the assert that was removed.
This asset was firing when the build was configured with --enable-debug
and the flac executable was then run under American Fuzzy Lop. Removing
the assert did not cause any other problems, even under AFL.
A malformed file (generated by AFL) had a 'samples_left_to_process' value
of greater than the actual numbe of samples. When re-encoding the decoder
would get to the end of the file and then continuously return a decode
status of FLAC__STREAM_DECODER_END_OF_STREAM, causing an infinite loop.
Solution is to break out of the loop on two consecutive end-of-stream
events.
To avoid crash caused by an unbound LPC decoding when predictor order is
larger than blocksize, the sanity check needs to be moved to the subframe
decoding functions.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Restrict number of seek points to 32768 total and a maximum of two per
second.
Ten hours of content is 36000 seconds which gives about one seek point
for every second for those ten hours. Also, having more than two seek
point per second makes little sense regardless of content length.
Without these restrictions flac-to-flac encoding of a malformed input
file (eg something generated with http://lcamtuf.coredump.cx/afl/)
can result in an attempt to generate a stupidly large number of seek
points and cause an allocation failure.
This commit fixes a typo in a console debug message encountered during
encoding. It also fixes a grammatical error in the same message.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Janne Hyvärinen reported a problem with seeking as a result of the
fix for CVE-2014-9028. This is a different solution to the issue
that should not adversely affect seeking.
This version of the fix for the above CVE has been extensively fuzz
tested using afl (http://lcamtuf.coredump.cx/afl/).
Reported-by: Janne Hyvärinen <cse@sci.fi>
The recent compression preset retuning improved upon most material
but it the few tracks that show regression are usually classical
music. This patch improves compression by improving the LPC order
guess, of which classical music benefits most.
Improvement is 0.007% on average but up to 0.1%. I haven't seen
regressions for any of my test samples.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
The commit http://git.xiph.org/?p=flac.git;a=commit;h=e9d805dd4374
changed the that calculate autocorrelation. However, the new code
worked slightly (about 4%) slower on Core 2, but with the new
presets the speed decrease can reach ~25%.
This patch enables both old and new functions and chooses between
them at runtime.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
