author | Erik de Castro Lopo <erikd@mega-nerd.com> | 2014-12-17 19:02:26 +1100 |
---|---|---|
committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-09-12 15:07:26 -0700 |
commit | ade03b9dcb71d7d8dd29e1f4d02a415cee8fa074 (patch) | |
tree | 0fca9dda1b27f50b1f8c97616b2edde71841c0fe | |
parent | 3b2bf998826bf754e27d0e78b6511763aca2addb (diff) | |
src/libFLAC/stream_decoder.c : Fix NULL de-reference. [stable/cm-12.1-YOG4P]
NULL de-reference can really only happen on a malformed file.
Found using afl (http://lcamtuf.coredump.cx/afl/).
CYNGNOS-3235
Bug: 27211885
Change-Id: Iad7ced634d417df475050c8f379e0e95ec36b115
(cherry picked from commit 83a817d2002b2b439ed85c002b18666b4dcb6cfd)
-rw-r--r-- | libFLAC/stream_decoder.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/libFLAC/stream_decoder.c b/libFLAC/stream_decoder.c index d3ff9ee..9e27667 100644 --- a/libFLAC/stream_decoder.c +++ b/libFLAC/stream_decoder.c @@ -1755,8 +1755,10 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre } else length -= 4; - if (!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length)) + if (!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length)) { + obj->num_comments = i; return false; /* read_callback_ sets the state for us */ + } if (obj->comments[i].length > 0) { if (length < obj->comments[i].length) { obj->num_comments = i; |
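Review bot: The new `obj->num_comments = i;` in the failure branch of the `FLAC__bitreader_read_uint32_little_endian(..., &obj->comments[i].length)` call has no comment saying why the count is truncated before `return false`, and it repeats the assignment already present in the `length < obj->comments[i].length` branch a few lines below. A short comment would help, presumably along the lines that entries from index `i` onward were never filled in, so later code walking `num_comments` entries must not see them. Since the same fix-up now appears twice in the visible context, please check every other `return false` inside this per-comment loop in `read_metadata_vorbiscomment_` (the hunk does not show them) for the same omission, or route them all through one exit path that sets `num_comments`. The diffstat lists only `stream_decoder.c`, so the malformed file that afl produced is not added as a regression input; attaching it, or a reduced version, to the test corpus would keep this path covered.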