authorErik de Castro Lopo <erikd@mega-nerd.com>2014-12-17 19:02:26 +1100
committerJessica Wagantall <jwagantall@cyngn.com>2016-09-08 14:15:27 -0700
commit0c661332ddf5909891e7bc197f3ba749265b7ac4 (patch)
tree175f591b37fa736add00fb3484d314428755aece
parent7c5a1c2e794a3582038d5733e2e2b766d825f92e (diff)
src/libFLAC/stream_decoder.c : Fix NULL de-reference.stable/cm-13.0-ZNH2KB
NULL de-reference can really only happen on a malformed file. Found using afl (http://lcamtuf.coredump.cx/afl/). CYNGNOS-3235 Bug: 27211885 Change-Id: Iad7ced634d417df475050c8f379e0e95ec36b115 (cherry picked from commit 83a817d2002b2b439ed85c002b18666b4dcb6cfd) (cherry picked from commit 34c30dca716361fcf20d21b3acf8b65e14d58909)
-rw-r--r--libFLAC/stream_decoder.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/libFLAC/stream_decoder.c b/libFLAC/stream_decoder.c
index d3ff9ee..9e27667 100644
--- a/libFLAC/stream_decoder.c
+++ b/libFLAC/stream_decoder.c
@@ -1755,8 +1755,10 @@ FLAC__bool read_metadata_vorbiscomment_(FLAC__StreamDecoder *decoder, FLAC__Stre
}
else
length -= 4;
- if (!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length))
+ if (!FLAC__bitreader_read_uint32_little_endian(decoder->private_->input, &obj->comments[i].length)) {
+ obj->num_comments = i;
return false; /* read_callback_ sets the state for us */
+ }
if (obj->comments[i].length > 0) {
if (length < obj->comments[i].length) {
obj->num_comments = i;
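Review bot: The added `obj->num_comments = i;` ahead of `return false` carries no comment explaining why the count is trimmed, and the invariant it protects cannot be read off the line itself. The same assignment appears again in the `length < obj->comments[i].length` branch just below, so the rule appears to be that every exit from this loop must leave `num_comments` equal to the number of entries actually filled in; a comment such as `/* entry i was not read; trim the count so later code only sees filled-in entries */` would make that explicit. The loop and the rest of read_metadata_vorbiscomment_ start and end outside this hunk, so any other early `return false` inside the loop should be checked against the same rule.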