diff options
author | Erik de Castro Lopo <erikd@mega-nerd.com> | 2014-11-27 11:55:11 +1100 |
---|---|---|
committer | Erik de Castro Lopo <erikd@mega-nerd.com> | 2014-11-27 13:40:37 +1100 |
commit | 5a365996d739bdf4711af51d9c2c71c8a5e14660 (patch) | |
tree | ac3b63dd49f4add337e16e9e5536512d74805cf2 /src | |
parent | 71b5c028708349e1d698498c54b842a5741dae0f (diff) | |
download | flac-5a365996d739bdf4711af51d9c2c71c8a5e14660.tar.gz |
src/libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.
This fix is closely related to the fix for CVE-2014-9028. When that
fix went public Miroslav Lichvar noticed a similar potential problem
spot in the same function and was able to craft a file to trigger a
heap write overflow.
Reported-by : Miroslav Lichvar <mlichvar@redhat.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/libFLAC/stream_decoder.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c index 15647800..6632d312 100644 --- a/src/libFLAC/stream_decoder.c +++ b/src/libFLAC/stream_decoder.c @@ -2744,7 +2744,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne if(partition_samples < predictor_order) { send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC); decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC; - return true; + /* We have received a potentially malicious bit stream. All we can do is error out to avoid a heap overflow. */ + return false; } } |