From d4a72210467a526bab82fa0959ee8b2180acaebf Mon Sep 17 00:00:00 2001
From: Martijn van Beurden
Date: Wed, 22 Dec 2021 15:37:02 +0100
Subject: Mark fixed subframes with bps > 24 as unparsable

Like 1fd178e, decoding fixed subframes with bps > 24 results in integer overflow
Signed-off-by: Ralph Giles
---
 src/libFLAC/stream_decoder.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index db430b85..143229bb 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
@@ -2528,6 +2528,12 @@ FLAC__bool read_subframe_(FLAC__StreamDecoder *decoder, uint32_t channel, uint32
 return true;
 }
 else if(x <= 24) {
+ if(decoder->private_->frame.header.bits_per_sample > 24){
+ /* Decoder isn't equipped for fixed subframes with more than 24 bps */
+ send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_UNPARSEABLE_STREAM);
+ decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+ return true;
+ }
 if(!read_subframe_fixed_(decoder, channel, bps, (x>>1)&7, do_full_decode))
 return false;
 if(decoder->protected_->state == FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC) /* means bad sync or got corruption */
-- 
cgit v1.2.1
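Review bot: The added guard tests `decoder->private_->frame.header.bits_per_sample`, while the call directly below it passes the local `bps` to `read_subframe_fixed_()`, and the hunk does not show how the two values relate. If `bps` can exceed the header value for some channels (presumably the side channel of a stereo-decorrelated frame), a 24-bit stream would pass the guard yet reach the fixed predictor with a wider sample. The comment should then say the limit is deliberately on the frame's sample depth, for example `/* limit applies to the frame header depth, not the per-channel bps; TODO confirm bps == 25 cannot overflow in read_subframe_fixed_() */`. If that is not intended, the test should be `if(bps > 24){`. This path is driven by stream data the decoder does not control, so the bound the overflow fix relies on is worth stating where it is enforced. The body of read_subframe_ starts and ends outside the hunk.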