ref: 43177ac5f60e96d7036ae0c4121cc51bf490d35f
parent: f24d425971c655276808cad248dc1c2c704e525e
author: Eric Wong <normalperson@yhbt.net>
date: Wed May 30 02:04:15 EDT 2012

flac: dynamically (re)size encoder buffer

This avoids buffer overflows in an obvious way.  In the
common case, the malloc overhead is only incurred once as
callers rarely (never?) resize buffers within a flow.

ref: Buffer overrun during FLAC encoding - ID: 3474924
http://sourceforge.net/tracker/?func=detail&aid=3474924&group_id=10706&atid=110706

--- a/ChangeLog
+++ b/ChangeLog
@@ -23,6 +23,8 @@
   o Fix Ogg Vorbis files with certain numbers of channels being
     truncated. (Ulrich Klauer)
   o Fix reading 64-bit float WAVs. [3481510] (nu774 and Ulrich Klauer)
+  o Fix potential buffer overrun when writing FLAC files directly via
+    sox_write(). [3474924] (Eric Wong)
 
 Audio device drivers:
 
--- a/src/flac.c
+++ b/src/flac.c
@@ -359,7 +359,6 @@
     lsx_fail_errno(ft, SOX_ENOMEM, "FLAC ERROR creating the encoder instance");
     return SOX_EOF;
   }
-  p->decoded_samples = lsx_malloc(sox_globals.bufsiz * sizeof(FLAC__int32));
 
   p->bits_per_sample = ft->encoding.bits_per_sample;
   ft->signal.precision = ft->encoding.bits_per_sample;
@@ -479,6 +478,13 @@
 {
   priv_t * p = (priv_t *)ft->priv;
   unsigned i;
+
+  /* allocate or grow buffer */
+  if (p->number_of_samples < len) {
+    p->number_of_samples = len;
+    free(p->decoded_samples);
+    p->decoded_samples = lsx_malloc(p->number_of_samples * sizeof(FLAC__int32));
+  }
 
   for (i = 0; i < len; ++i) {
     SOX_SAMPLE_LOCALS;
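Review bot: The new check `if (p->number_of_samples < len)` is only safe on the first write if `p->number_of_samples` starts at 0 and `p->decoded_samples` starts as NULL, because the earlier hunk at line 359 removes the up-front allocation. Neither initial value is visible in this diff, so confirm the private struct is zero-filled and record that in the comment, e.g. `/* allocate or grow buffer; relies on priv being zeroed so the first write allocates */`. The byte count `p->number_of_samples * sizeof(FLAC__int32)` is also computed without an overflow check. If the field is narrower than `len` (its declaration is not shown), the assignment could truncate and leave the buffer shorter than the `i < len` loop bound, which is the same overrun this commit is fixing. A guard before the block, such as `if (len > UINT_MAX / sizeof(FLAC__int32)) return 0;`, would bound both cases, assuming a zero return is acceptable to callers. The function's signature and the rest of its body lie outside the hunk.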