Left shift if a negative integer such that the sign bit is affected is
(according to the C spec) undefined behaviour and the residual
calculations using the shift operator were hitting this.
Fortunately these same calculations using plain multiplication do not
invoke UB and according to benchmarking (on x86_64 linux) have the same
performance as the bit shift version.
In the case where seek_table->num_points is zero, seek_table->points
will be NULL and passing that to qsort() invokes undefined behaviour.
Since seek_table->num_points is zero, the only sensible thing to do
is to short circuit return 0.
The function FLAC__bitreader_read_raw_int32() triggered undefined behaviour
when sign extending an unsigned value. The Stanford Grahpics bithacks page
provided an alternative that avoided UB.
The new function wraps, realloc() and if the realloc() fails, it
free()s the old pointer.
This is an improvement on the potential realloc() memory leak that
was fixed in 15a9062609.
Still needs fuzzing to validate it.
The american-fuzzy-lop fuzzer found a couple of instances of double
free() resulting from commit 15a9062609.
The problematic free() were the ones associated with use of the
safe_realloc_mul_2op_() function which can call realloc(ptr,0) which
according to the realloc manpage is already an implicit free().
The function get_utf8_argv() was calling LoadLibrary to load msvcrt.dll
but wasn't calling FreeLibrary() if GetProcAddress() fails.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
According to MSDN, stricmp and strnicmp functions are deprecated
since MSVC 2005 and _stricmp/_strnicmp should be used instead.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
For some reason, the build fails when using GCC 4.7 due to the implicit
-finline-functions option passed to the compiler when -O3 is enabled,
which does not happen in newer versions of GCC, probably due to some of
the "General Optimizer Improvements" included in 4.8 (see [1]).
Fortunately, we don't need to disable -finline-functions completely but
just do it for "small functions", which is what this patch does.
[1] https://gcc.gnu.org/gcc-4.8/changes.html
Closes: https://sourceforge.net/p/flac/bugs/429/
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
The assert that was removed in bc5113007a, was a result of error
handling in read_metadata_vorbiscomment_() which set obj->num_comments
to zero, without freeing obj->comments and setting it to NULL.
This commit also restores the assert that was removed.
This asset was firing when the build was configured with --enable-debug
and the flac executable was then run under American Fuzzy Lop. Removing
the assert did not cause any other problems, even under AFL.
The x32 architecture uses and ILP32 (32 bit ints, longs and pointers)
on an x86_64 CPU. Since the CPU is x86_64 we need to set FLAC__CPU_X86_64
even though the pointer size is 32 bits.
Patch-from: Stuart Shelton
Closes: https://sourceforge.net/p/flac/bugs/427/
* Correct definition of FLAC__HAS_X86INTRIN in config.h file.
* Correct comparison of sse_os with 'true' instead of 'yes'.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
An output file was being set to read only and hence could not be
overwritten by a later test. Not sure why this only affected the
'make distcheck' target.
A malformed file (generated by AFL) had a 'samples_left_to_process' value
of greater than the actual numbe of samples. When re-encoding the decoder
would get to the end of the file and then continuously return a decode
status of FLAC__STREAM_DECODER_END_OF_STREAM, causing an infinite loop.
Solution is to break out of the loop on two consecutive end-of-stream
events.
