authorErik de Castro Lopo <erikd@mega-nerd.com>2014-11-27 11:55:11 +1100
committerErik de Castro Lopo <erikd@mega-nerd.com>2014-11-27 13:40:37 +1100
commit5a365996d739bdf4711af51d9c2c71c8a5e14660 (patch)
treeac3b63dd49f4add337e16e9e5536512d74805cf2
parent71b5c028708349e1d698498c54b842a5741dae0f (diff)
downloadflac-5a365996d739bdf4711af51d9c2c71c8a5e14660.tar.gz
src/libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.
This fix is closely related to the fix for CVE-2014-9028. When that fix went public, Miroslav Lichvar noticed a similar potential problem spot in the same function and was able to craft a file to trigger a heap write overflow.

Reported-by : Miroslav Lichvar <mlichvar@redhat.com>
-rw-r--r--src/libFLAC/stream_decoder.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index 15647800..6632d312 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -2744,7 +2744,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
if(partition_samples < predictor_order) {
send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
- return true;
+ /* We have received a potentially malicious bit stream. All we can do is error out to avoid a heap overflow. */
+ return false;
}
}
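Review bot: The new `return false;` comes right after `decoder->protected_->state` is set to `FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC`, so the caller receives a failure return together with a state that says "resync and carry on"; the callers are outside this hunk, so it is worth confirming that each of them stops using the residual buffer on false rather than consulting the state. The added comment would help more if it named the hazard, e.g. `/* partition_samples < predictor_order: the sample count for the first partition would wrap if we continued, so fail the read. */`, assuming the overflow comes from a later subtraction that is not visible here. The diffstat shows only stream_decoder.c changed, so the crafted file mentioned in the description is not captured as a regression test; a decode test that expects failure on such a stream would keep this guard from regressing. The body of read_residual_partitioned_rice_ starts and ends outside the hunk.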