When doing a flac to flac conversion, bad data read from the input file
was making it all the way through the encoder to cause a read past the
end of the buffer in the CRC calculation.
Fix had two parts:
* bitwriter.c: Make a debug only assert (assert bits < 32) into a proper
failure.
* stream_encoder.c: Catch the error condition of wasted bits being greater
that bits_pers_sample and limit it to the bits_per_sample value.
Found using the American Fuzzy Lop fuzzer.
Left shift if a negative integer such that the sign bit is affected is
(according to the C spec) undefined behaviour and the residual
calculations using the shift operator were hitting this.
Fortunately these same calculations using plain multiplication do not
invoke UB and according to benchmarking (on x86_64 linux) have the same
performance as the bit shift version.
In the case where seek_table->num_points is zero, seek_table->points
will be NULL and passing that to qsort() invokes undefined behaviour.
Since seek_table->num_points is zero, the only sensible thing to do
is to short circuit return 0.
The function FLAC__bitreader_read_raw_int32() triggered undefined behaviour
when sign extending an unsigned value. The Stanford Grahpics bithacks page
provided an alternative that avoided UB.
The new function wraps, realloc() and if the realloc() fails, it
free()s the old pointer.
This is an improvement on the potential realloc() memory leak that
was fixed in 15a9062609.
Still needs fuzzing to validate it.
The american-fuzzy-lop fuzzer found a couple of instances of double
free() resulting from commit 15a9062609.
The problematic free() were the ones associated with use of the
safe_realloc_mul_2op_() function which can call realloc(ptr,0) which
according to the realloc manpage is already an implicit free().
The function get_utf8_argv() was calling LoadLibrary to load msvcrt.dll
but wasn't calling FreeLibrary() if GetProcAddress() fails.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
According to MSDN, stricmp and strnicmp functions are deprecated
since MSVC 2005 and _stricmp/_strnicmp should be used instead.
Patch-from: lvqcl <lvqcl.mail@gmail.com>
For some reason, the build fails when using GCC 4.7 due to the implicit
-finline-functions option passed to the compiler when -O3 is enabled,
which does not happen in newer versions of GCC, probably due to some of
the "General Optimizer Improvements" included in 4.8 (see [1]).
Fortunately, we don't need to disable -finline-functions completely but
just do it for "small functions", which is what this patch does.
[1] https://gcc.gnu.org/gcc-4.8/changes.html
Closes: https://sourceforge.net/p/flac/bugs/429/
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
The assert that was removed in bc5113007a, was a result of error
handling in read_metadata_vorbiscomment_() which set obj->num_comments
to zero, without freeing obj->comments and setting it to NULL.
This commit also restores the assert that was removed.
This asset was firing when the build was configured with --enable-debug
and the flac executable was then run under American Fuzzy Lop. Removing
the assert did not cause any other problems, even under AFL.
