libFLAC: Add metadata size checks to FLAC library
authorErik de Castro Lopo <erikd@mega-nerd.com>
Sun, 1 May 2016 10:34:26 +0000 (20:34 +1000)
committerErik de Castro Lopo <erikd@mega-nerd.com>
Sun, 1 May 2016 10:36:43 +0000 (20:36 +1000)
This follows on from the previous patch.

Patch-from: lvqcl <lvqcl.mail@gmail.com>

src/libFLAC/metadata_iterators.c
src/libFLAC/stream_encoder_framing.c

index 9356416..1acb19c 100644 (file)
@@ -2536,6 +2536,9 @@ FLAC__bool write_metadata_block_header_cb_(FLAC__IOHandle handle, FLAC__IOCallba
        FLAC__byte buffer[FLAC__STREAM_METADATA_HEADER_LENGTH];
 
        FLAC__ASSERT(block->length < (1u << FLAC__STREAM_METADATA_LENGTH_LEN));
+       /* double protection */
+       if(block->length >= (1u << FLAC__STREAM_METADATA_LENGTH_LEN))
+               return false;
 
        buffer[0] = (block->is_last? 0x80 : 0) | (FLAC__byte)block->type;
        pack_uint32_(block->length, buffer + 1, 3);
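Review bot: The `FLAC__ASSERT` left directly above the new `if` tests the same condition, so in assert-enabled builds an oversized `block->length` presumably still aborts before `return false` can run, and the new branch is reachable only where assertions are compiled out. If the length can originate from caller- or file-supplied metadata, the runtime check should be the single guard; dropping the assert, or moving the check above it, would make debug and release builds fail the same way. The comment `/* double protection */` does not say what is being protected; something like `/* FLAC__ASSERT may be compiled out; reject lengths that do not fit the 3-byte header field rather than truncating them */` would. The same pattern and comment appear in the `FLAC__add_metadata_block` hunk in src/libFLAC/stream_encoder_framing.c, and the body of `write_metadata_block_header_cb_` continues outside this hunk.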
index 9faadd2..84e5ae1 100644 (file)
@@ -65,6 +65,9 @@ FLAC__bool FLAC__add_metadata_block(const FLAC__StreamMetadata *metadata, FLAC__
                i += vendor_string_length;
        }
        FLAC__ASSERT(i < (1u << FLAC__STREAM_METADATA_LENGTH_LEN));
+       /* double protection */
+       if(i >= (1u << FLAC__STREAM_METADATA_LENGTH_LEN))
+               return false;
        if(!FLAC__bitwriter_write_raw_uint32(bw, i, FLAC__STREAM_METADATA_LENGTH_LEN))
                return false;