lvqcl
2016-Apr-26 16:55 UTC
[flac-dev] [PATCH] image embedding can result in flac file corruption
Currently it's possible to corrupt a FLAC file with the flac and metaflac tools. If the image file size is just slightly less than 2^24 bytes, then the size of the PICTURE metadata block will be more than this limit.

The first patch (fix1.patch) adds an additional check in /share/grabbag/picture.c/read_file() and removes a rather useless check from FLAC__metadata_object_picture_set_data().

It's enough to fix the command-line tools, but I think that it also makes sense to add additional checks into the libFLAC library; so fix2.patch adds two checks of metadata block length.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix1.patch
Type: application/octet-stream
Size: 1753 bytes
Desc: not available
URL: <http://lists.xiph.org/pipermail/flac-dev/attachments/20160426/926dc79c/attachment.obj>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix2.patch
Type: application/octet-stream
Size: 1244 bytes
Desc: not available
URL: <http://lists.xiph.org/pipermail/flac-dev/attachments/20160426/926dc79c/attachment-0001.obj>
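The length check described in the message, as an added example that is not part of the patches or of libFLAC's own code: it sizes a PICTURE block body from the FLAC format's field layout (eight 32-bit fields plus the MIME string, description and image bytes) and refuses any body that the 24-bit block length field cannot hold, which is exactly the case an image just under 2^24 bytes triggers. The function names are my own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* A FLAC metadata block header carries the body length in a 24-bit field,
 * so a block body can be at most 2^24 - 1 bytes. */
#define FLAC_BLOCK_MAX_LEN ((1u << 24) - 1u)
#define FLAC_BLOCK_TYPE_PICTURE 6u

/* Fixed part of a PICTURE body: picture type, MIME length, description length,
 * width, height, depth, colors, data length; each a 32-bit big-endian integer. */
#define PICTURE_FIXED_LEN 32u

/* Body size of a PICTURE block holding a MIME string, a description and the
 * raw image bytes; computed in 64 bits so it cannot wrap on 32-bit hosts. */
uint64_t picture_body_len(size_t mime_len, size_t desc_len, size_t data_len)
{
    return (uint64_t)PICTURE_FIXED_LEN + mime_len + desc_len + data_len;
}

/* The check the tools need: the whole body, not just the image payload,
 * has to fit in the 24-bit block length. */
bool picture_fits_block(size_t mime_len, size_t desc_len, size_t data_len)
{
    return picture_body_len(mime_len, desc_len, data_len) <= FLAC_BLOCK_MAX_LEN;
}

/* Largest image payload that still fits beside a given MIME string and description. */
uint64_t picture_max_data_len(size_t mime_len, size_t desc_len)
{
    uint64_t overhead = (uint64_t)PICTURE_FIXED_LEN + mime_len + desc_len;
    return overhead >= FLAC_BLOCK_MAX_LEN ? 0 : FLAC_BLOCK_MAX_LEN - overhead;
}

/* Encode the 4-byte block header (last-block flag, 7-bit type, 24-bit length).
 * Refuses, instead of silently truncating, a length the field cannot hold;
 * silent truncation is what leaves the file unreadable. */
bool flac_block_header(bool is_last, uint8_t type, uint64_t body_len, uint8_t out[4])
{
    if (type > 0x7f || body_len > FLAC_BLOCK_MAX_LEN)
        return false;
    out[0] = (uint8_t)((is_last ? 0x80 : 0x00) | type);
    out[1] = (uint8_t)(body_len >> 16);
    out[2] = (uint8_t)(body_len >> 8);
    out[3] = (uint8_t)body_len;
    return true;
}
```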
Erik de Castro Lopo
2016-May-01 11:25 UTC
[flac-dev] [PATCH] image embedding can result in flac file corruption
lvqcl wrote:
> Currently it's possible to corrupt FLAC file with flac and metaflac tools.
> If image filesize is just slightly less than 2^24 bytes then the size of
> PICTURE metadata block will be more than this limit.
>
> The first patch (fix1.patch) adds additional check in /share/grabbag/picture.c/read_file()
> and removes rather useless check from FLAC__metadata_object_picture_set_data().
>
> It's enough to fix the command-line tools, but I think that it also makes
> sense to add additional checks into libFLAC library; so fix2.patch adds
> two checks of metadata block length.

Applied. Thanks.

Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/