Displaying 3 results from an estimated 3 matches for "read_subframe_".
2014 Dec 11
2
Two new CVEs against FLAC
On Thu, Dec 11, 2014 at 11:12:25AM +0100, Martijn van Beurden wrote:
> On 11-12-14 at 10:53, Martijn van Beurden wrote:
> > On 11-12-14 at 10:05, Miroslav Lichvar wrote:
> >> but I'd rather see the real seeking bug fixed instead
> >
> > I think I might have a fix [...]
So the problem is that FLAC__stream_decoder_process_single returns
error before it finds a
2014 Dec 11
0
Two new CVEs against FLAC
...o the problem is that FLAC__stream_decoder_process_single returns
> error before it finds a valid frame?
>
I'm not sure whether we mean the same thing, but I think the problem is
that seek_to_absolute_sample_ calls FLAC__stream_decoder_process_single,
which calls read_frame_, which calls read_subframe_, which calls either
read_subframe_fixed_ or read_subframe_lpc_, which call
read_residual_partitioned_rice_. The return false set there is propagated
all the way down.
So, because the decoding of the frame is aborted upon finding a situation
in which a heap overflow might be in order (but which wil...
2004 Sep 30
1
[don@donarmstrong.com: Bug#274301: libflac4 segfaults on corrupt flac files]
...dual_partitioned_rice_ (decoder=0x805ba58, predictor_order=3, partition_order=14, partitioned_rice_contents=0x805f478,
residual=0x807dd80) at stream_decoder.c:1975
rice_parameter = 9
i = 2
partition = 0
sample = 0
u = 4294967293
partitions = 16384
partition_samples = 0
#2 0x4021f01f in read_subframe_fixed_ (decoder=0x805ba58, channel=1, bps=16, order=3) at stream_decoder.c:1832
subframe = (FLAC__Subframe_Fixed *) 0x805f988
i32 = -31667
u32 = 14
u = 14
#3 0x4021ecd7 in read_subframe_ (decoder=0x805ba58, channel=1, bps=1) at stream_decoder.c:1751
x = 22
wasted_bits = 0
#4 0x4021e190 in re...