| field | value | date |
|---|---|---|
| author | Martijn van Beurden <mvanb1@gmail.com> | 2022-05-20 14:55:43 +0200 |
| committer | Martijn van Beurden <mvanb1@gmail.com> | 2022-05-20 19:38:56 +0200 |
| commit | 69cf76c58e797d093cea73b1f8ad1ff55ec2786d (patch) | |
| tree | 309dbafa7baf8abf79712e598071d95eaa355539 /src/libFLAC | |
| parent | 43b6b64cad5e38de2101296f4154b69f693664ae (diff) | |
| download | flac-69cf76c58e797d093cea73b1f8ad1ff55ec2786d.tar.gz | |
Fix use of undefined value
The mechanism to improve metadata reading added in 0077d3b overrides
a FLAC__STREAM_DECODER_ABORTED with
FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC causing the decoder to
overread a buffer into an uninitialized part. A check is added that
ensures searching for frame sync is only set when the decoder is
still in a valid state.
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47525
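The mechanism the commit message describes, as an added toy model in C (example code written for this page, not libFLAC's code and not the author's): a read-callback abort recorded in the decoder state, an error path that used to overwrite that state unconditionally, and the frame-sync scan that then runs over bytes the callback never delivered. The state names that mirror libFLAC's (DEC_ABORTED, DEC_SEARCH_FOR_FRAME_SYNC), the BUF_SIZE and MAX_BLOCK limits, the abort-after-N-refills switch and the sample byte strings are all invented for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy model of the decoder state machine this commit touches. State names
 * mirror libFLAC's for readability only; buffer size, MAX_BLOCK and the abort
 * mechanism are invented and nothing here is libFLAC code. */
typedef enum { DEC_READ_METADATA, DEC_SEARCH_FOR_FRAME_SYNC, DEC_ABORTED } dec_state_t;
/* METADATA_OK: block parsed; SYNC_FOUND: resynced after bad metadata;
 * ABORTED: stopped cleanly; OVERREAD: scanned bytes the callback never wrote. */
typedef enum { RESULT_METADATA_OK, RESULT_SYNC_FOUND, RESULT_ABORTED, RESULT_OVERREAD } result_t;

#define BUF_SIZE  8     /* bitreader capacity (hypothetical) */
#define MAX_BLOCK 4     /* largest metadata payload the toy accepts (hypothetical) */

typedef struct {
    dec_state_t state;
    uint8_t buf[BUF_SIZE];  /* bitreader backing store */
    size_t valid, pos;      /* bytes written by the last refill; read cursor */
    const uint8_t *src;     /* constructed input stream */
    size_t src_len, src_pos, abort_after, refills; /* abort on refill #abort_after */
} decoder_t;

/* Models the read-callback wrapper: a client abort leaves the buffer as it is
 * and moves the decoder to DEC_ABORTED. End of stream is treated the same. */
static bool refill(decoder_t *d)
{
    if (d->refills >= d->abort_after || d->src_pos >= d->src_len) {
        d->state = DEC_ABORTED;
        return false;
    }
    size_t n = d->src_len - d->src_pos;
    if (n > BUF_SIZE) n = BUF_SIZE;
    memcpy(d->buf, d->src + d->src_pos, n);
    d->src_pos += n;
    d->valid = n; d->pos = 0; d->refills++;
    return true;
}

static bool read_byte(decoder_t *d, uint8_t *out)
{
    if (d->pos >= d->valid && !refill(d))
        return false;
    *out = d->buf[d->pos++];
    return true;
}

/* Metadata block: one length byte, then that many payload bytes. When the block
 * cannot be read, the toy (like the hunk's branch) cannot tell whether length or
 * content was corrupt and gives up on metadata. `fixed` selects the patched test. */
static bool read_metadata(decoder_t *d, bool fixed)
{
    uint8_t len = 0, discard;
    bool ok = read_byte(d, &len);
    if (ok && len > MAX_BLOCK)
        ok = false;                         /* implausible length, no abort */
    for (uint8_t i = 0; ok && i < len; i++)
        ok = read_byte(d, &discard);        /* may abort mid-payload */
    if (!ok) {
        /* error callback would fire here (send_error_to_client_ in libFLAC) */
        /* Unconditional before the fix, which clobbered a DEC_ABORTED set by
         * refill(); the fix keeps any state other than DEC_READ_METADATA. */
        if (!fixed || d->state == DEC_READ_METADATA)
            d->state = DEC_SEARCH_FOR_FRAME_SYNC;
    }
    return ok;
}

/* Frame-sync scan over the bytes the bitreader holds. Toy simplification: no
 * refill, and stepping past `valid` is reported instead of actually read. */
static result_t search_frame_sync(decoder_t *d)
{
    for (; d->pos + 1 < d->valid; d->pos++)  /* 14-bit sync 0x3FFE: FF F8/F9 */
        if (d->buf[d->pos] == 0xFF && (d->buf[d->pos + 1] & 0xFE) == 0xF8)
            return RESULT_SYNC_FOUND;
    return RESULT_OVERREAD;
}

/* One step on a fresh decoder: read a metadata block, then act on the state. */
static result_t decode_step(const uint8_t *s, size_t n, size_t abort_after, bool fixed)
{
    decoder_t d = { .state = DEC_READ_METADATA, .src = s, .src_len = n,
                    .abort_after = abort_after };
    if (read_metadata(&d, fixed))
        return RESULT_METADATA_OK;
    if (d.state == DEC_ABORTED)
        return RESULT_ABORTED;
    return search_frame_sync(&d);
}

/* Constructed inputs, not from any real file. */
static const uint8_t TRUNCATED_BLOCK[]  = { 0x03, 0xAA };             /* claims 3 bytes, delivers 1 */
static const uint8_t BAD_LENGTH_BLOCK[] = { 0x09, 0xFF, 0xF8, 0x00 }; /* length > MAX_BLOCK, sync follows */

/* The client aborts on the second refill: pre-fix the decoder scans undelivered
 * bytes, fixed it stops. A merely implausible length recovers either way. */
static result_t truncated_unfixed(void) { return decode_step(TRUNCATED_BLOCK, sizeof TRUNCATED_BLOCK, 1, false); }
static result_t truncated_fixed(void)   { return decode_step(TRUNCATED_BLOCK, sizeof TRUNCATED_BLOCK, 1, true); }
static result_t badlen_unfixed(void)    { return decode_step(BAD_LENGTH_BLOCK, sizeof BAD_LENGTH_BLOCK, 10, false); }
static result_t badlen_fixed(void)      { return decode_step(BAD_LENGTH_BLOCK, sizeof BAD_LENGTH_BLOCK, 10, true); }
```

With `fixed=false` the truncated block ends in RESULT_OVERREAD because the abort recorded by `refill()` is overwritten and the sync scan proceeds on a buffer that was never refilled; with `fixed=true` it ends in RESULT_ABORTED. The implausible-length block resyncs on the 0xFF 0xF8 pair in both versions, which is the metadata-recovery behaviour the guard was meant to preserve.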
Diffstat (limited to 'src/libFLAC')
| mode | file | changes |
|---|---|---|
| -rw-r--r-- | src/libFLAC/stream_decoder.c | 3 |

1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c index afc3923a..f085e3be 100644 --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c @@ -1525,7 +1525,8 @@ FLAC__bool read_metadata_(FLAC__StreamDecoder *decoder) * We cannot know whether the length or the content was * corrupt, so stop parsing metadata */ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_BAD_METADATA); - decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC; + if(decoder->protected_->state == FLAC__STREAM_DECODER_READ_METADATA) + decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC; ok = false; } FLAC__bitreader_remove_limit(decoder->private_->input); |
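Review bot: the new guard `if(decoder->protected_->state == FLAC__STREAM_DECODER_READ_METADATA)` in read_metadata_ needs a comment saying why the state is re-checked at this point: by the time the BAD_METADATA error has been sent the decoder may already be FLAC__STREAM_DECODER_ABORTED (the commit message says the unconditional assignment overrode exactly that state and led to the overread), and a reader who sees a bare equality test directly above an assignment, with the existing comment only talking about corrupt length or content, is likely to fold it back. Something like `/* do not override an abort recorded while reading the block, see oss-fuzz 47525 */` above the `if` would do. Testing for equality with READ_METADATA rather than inequality with ABORTED is the safer of the two choices, since any other state reached during the block read is preserved as well; that reasoning belongs in the same comment. Note that `ok = false` is still set unconditionally, so the caller takes the failure path in both cases and only the state the caller then sees differs, which is what makes the fix minimal.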