From 23dce21647b6b7f3f9ddcb9ad267decf2c7388f0 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Thu, 21 Aug 2014 12:37:20 +0200
Subject: [PATCH] decoer/dsf: fix endless loop on malformed file
When the data chunk size is not a multiple of the frame size, the last partial frame lead to an endless loop. We fix this by checking chunk_sze>=frame instead of chunk_sze>0. This way, the partial frame is simply skipped.
---
 NEWS | 1 +
 src/decoder/DsfDecoderPlugin.cxx | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index e28d2f121..208462999 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@
 ver 0.18.13 (not yet released)
 * decoder
+ - dsf: fix endless loop on malformed file
 - ffmpeg: support ffmpeg/libav version 11
 ver 0.18.12 (2014/07/30)
diff --git a/src/decoder/DsfDecoderPlugin.cxx b/src/decoder/DsfDecoderPlugin.cxx
index ad5483c32..9fbfe9cda 100644
--- a/src/decoder/DsfDecoderPlugin.cxx
+++ b/src/decoder/DsfDecoderPlugin.cxx
@@ -238,7 +238,7 @@ dsf_decode_chunk(Decoder &decoder, InputStream &is,
 const unsigned buffer_samples = buffer_frames * frame_size;
 const size_t buffer_size = buffer_samples * sample_size;
- while (chunk_size > 0) {
+ while (chunk_size >= frame_size) {
 /* see how much aligned data from the remaining chunk fits into the local buffer */
 size_t now_size = buffer_size;
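Review bot: The new condition `while (chunk_size >= frame_size)` in dsf_decode_chunk only guarantees termination if `frame_size` is non-zero, and nothing in this hunk establishes that. `frame_size` is computed above the hunk, presumably from values in the file header; if a malformed file can make it zero, the condition is always true and the endless loop comes back, so the file should be rejected before the loop when `frame_size == 0`. The trailing `chunk_size % frame_size` bytes are now dropped without being read, and the loop body continues outside the hunk, so it is not visible whether the stream is left positioned at the end of the chunk for whatever reads next. A comment on the loop would record the intent, e.g. `/* a trailing partial frame is malformed input and is ignored */`.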