Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / flac / 1d948ef7391c9e484658ba024d74433f4df37b3b
commit1d948ef7391c9e484658ba024d74433f4df37b3b[log] [tgz]
authorErik de Castro Lopo <erikd@mega-nerd.com>Wed Nov 19 19:35:59 2014 -0800
committerRobert Shih <robertshih@google.com>Wed Aug 19 17:09:34 2015 -0700
tree2aa37fbce870ebf7141e537a2652c9f7a32ff1dc
parent214b9dfabe821b7653bfe8db424942575fbd6167 [diff]
libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.

A file provided by the reporters caused the stream decoder to write to
un-allocated heap space resulting in a segfault. The solution is to
error out (by returning false from read_residual_partitioned_rice_())
instead of trying to continue to decode.

Fixes: CVE-2014-9028
Reported-by: Michele Spagnuolo,
             Google Security Team <mikispag@google.com>

Bug: 23238405
Change-Id: I5c000e3d85d884a92208efebe53aa6edaef8829e
1 file changed
tree: 2aa37fbce870ebf7141e537a2652c9f7a32ff1dc
  1. include/
  2. libFLAC/
  3. Android.mk
  4. config.h
  5. MODULE_LICENSE_BSD_LIKE
  6. NOTICE