author | Martin Panter <vadmium à gmail·com> | 2012-04-23 12:34:48 +0000 |
---|---|---|
committer | waker <wakeroid@gmail.com> | 2012-05-03 21:11:09 +0200 |
commit | 58e74616a1fd2a66b9ffcd053174e049d5019b77 (patch) | |
tree | e44690e35befbfa6a07e3a3d985ceca262dfb010 /plugins/aac | |
parent | 0b2aa0745cd2187035de1ff28577c5286f9c2d28 (diff) |
Check for reading past end before calling mp4ff_read_sample()
Previously errors like the following would occasionally be reported at the end
of an AAC file:
mp4ff_read_sample: malloc failure (tried to alloc -2147483648 bytes). possible mp4ff bug or memleak! please report a bug to deadbeef developers (i'm serious).
This was because the value of “sample” passed to mp4ff_audio_frame_size()
caused that function to read just off the end of an array.
Bug reported at https://sourceforge.net/support/tracker.php?aid=3321066
Fix inspired by https://bugs.launchpad.net/bugs/40043 “Crash (SIGSEGV) in
memcpy using libfaad2”
Diffstat (limited to 'plugins/aac')
-rw-r--r-- | plugins/aac/aac.c | 11 |
1 files changed, 5 insertions, 6 deletions
diff --git a/plugins/aac/aac.c b/plugins/aac/aac.c
index b3417879..2f2755f0 100644
--- a/plugins/aac/aac.c
+++ b/plugins/aac/aac.c
@@ -878,11 +878,16 @@ aac_read (DB_fileinfo_t *_info, char *bytes, int size) {
 char *samples = NULL;
 if (info->mp4file) {
+ if (info->mp4sample >= info->mp4samples) {
+ break;
+ }
+
 unsigned char *buffer = NULL;
 int buffer_size = 0;
 #ifdef USE_MP4FF
 int rc = mp4ff_read_sample (info->mp4file, info->mp4track, info->mp4sample, &buffer, &buffer_size);
 if (rc == 0) {
+ trace ("mp4ff_read_sample failed\n");
 info->eof = 1;
 break;
 }
@@ -902,12 +907,6 @@ aac_read (DB_fileinfo_t *_info, char *bytes, int size) {
 u_int64_t myDuration = MP4ConvertFromTrackDuration (info->mp4file, info->mp4track, sampleDuration, MP4_MSECS_TIME_SCALE);
 #endif
- if (info->mp4sample >= info->mp4samples) {
- if (buffer) {
- free (buffer);
- }
- break;
- }
 info->mp4sample++;
 samples = NeAACDecDecode(info->dec, &info->frame_info, buffer, buffer_size); |
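Review bot: The new guard at the top of the `if (info->mp4file)` branch protects only this call site; per the commit message the out-of-bounds read happens inside `mp4ff_audio_frame_size()` when the sample index is past the end of its table, so any other caller that passes an unchecked index would presumably still reach it. I would record the contract next to the guard, e.g. `/* mp4ff_read_sample() does not range-check the sample index; it must stay below mp4samples */`, and consider rejecting an out-of-range index or a non-positive frame size inside mp4ff itself, so a malformed file cannot turn into a bogus allocation size. The guard also tests only the upper bound: if `info->mp4sample` is a signed type that seeking can set (its declaration is not visible here), a negative value would still be passed to the read, in which case `if (info->mp4sample < 0 || info->mp4sample >= info->mp4samples) {` would close that side as well. The body of `aac_read` starts and ends outside the hunk.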