If a file says it contains a stupidly large number of vorbis comments,
the stream decoder would try to allocate enough memory which would fail
returning NULL and then write to that pointer anyway. The solution is
to set a hard limit of 10000 vorbis comments and force num_comments to
zero if the number is too large.
Problem found using the afl (american fuzzy lop) fuzzer.
Closes: https://sourceforge.net/p/flac/bugs/421/
Reported-by : Hanno Böck <hanno@hboeck.de>
This fix is closely related to the fix for CVE-2014-9028. When that
fix went public Miroslav Lichvar noticed a similar potential problem
spot in the same function and was able to craft a file to trigger a
heap write overflow.
Reported-by : Miroslav Lichvar <mlichvar@redhat.com>
This updates one rather important mention of the copyright year
(the encoding/decoding progress display) and a few in the
documentation. Furthermore, it updates the open bug list
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
A file provided by the reporters caused the stream decoder to write to
un-allocated heap space resulting in a segfault. The solution is to
error out (by returning false from read_residual_partitioned_rice_())
instead of trying to continue to decode.
Fixes: CVE-2014-9028
Reported-by: Michele Spagnuolo,
Google Security Team <mikispag@google.com>
This fixes two problems with handling of out-of-bounds arguments
for the window functions, one of which involving an infinite loop
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
This patch changes a the settings associated with compression
levels 6, 7 and 8. With this patch, -e is no longer used, but
instead apodization functions are added. This should improve
compression with at least 95% of all material while not changing
the speed much. Decoding ways, 6 and 8 stay the same, and 7 is
slowed a bit, which makes it as fast as 8.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
On Windows, decoding flac files is also prone to producing fragmented
files. Avoid fragmentation on NTFS by using Windows specific functions to
tell Windows the size of the file beforehand.
Patch-from: Janne Hyvärinen <cse@sci.fi>
Windows in particular can experience slow encoding speeds on highly
fragmented disks. Using setvbuf to increase the size of the buffer to
10Meg.
This is probably not needed on Linux/Unix, but is very unlikely to
to cause any negative effects.
Patch-from: Janne Hyvärinen <cse@sci.fi>
* Changes flac_snprintf (in src/share/grabbag/snprintf.c) and its copy
local_snprintf (src/libFLAC/metadata_iterators.c) to be almost sane.
* Adds flac_vsnprintf (src/share/grabbag/snprintf.c) and its copy
local_vsnprintf (src/share/win_utf8_io/win_utf8_io.c).
* Changes stats_print_info in src/flac/utils.c so it uses flac_vsnprintf
instead of vsnprintf. This makes return value checking unnecessary.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
Adds two new apodization functions that seem to perform better than
the apodization functions currently in the codebase and fixes three
existing windows as well.
Its important to note that this patch only affects the encoder stage
that evaluates various possible predictors. Audio encoded with these
new windows will still decode with existing legacy decoders.
= Theory =
These functions are used to window the audio data at the predictor
stage. These news functions enable the use of only part of the signal
to generate a predictor. This helps because short transients can
introduce noise into the predictor. The predictor becomes very good
at prediciting one part of the signal, instead of mediocre for the
whole block.
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
* Removes FLAC__lpc_restore_signal_asm_ppc_altivec_16*
from lpc.h and stream_decoder.c
* Removes PPC-specific code from cpu.c and cpu.h
* Removes PPC stuff from libFLAC/Makefile.lite and build/*.mk
* Removes as/gas/PPC-specific stuff from configure.ac and
libFLAC/Makefile.am*
* Removes libFLAC/ppc folder and remove "src/libFLAC/ppc*/Makefile"
lines from configure.ac
Patch-from: lvqcl <lvqcl.mail@gmail.com>
