From 23dce21647b6b7f3f9ddcb9ad267decf2c7388f0 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Thu, 21 Aug 2014 12:37:20 +0200
Subject: [PATCH 1/2] decoer/dsf: fix endless loop on malformed file
When the data chunk size is not a multiple of the frame size, the last partial frame lead to an endless loop. We fix this by checking chunk_sze>=frame instead of chunk_sze>0. This way, the partial frame is simply skipped.
---
 NEWS | 1 +
 src/decoder/DsfDecoderPlugin.cxx | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/NEWS b/NEWS
index e28d2f121..208462999 100644
--- a/NEWS
+++ b/NEWS
@@ -1,5 +1,6 @@
 ver 0.18.13 (not yet released)
 * decoder
+ - dsf: fix endless loop on malformed file
 - ffmpeg: support ffmpeg/libav version 11
 ver 0.18.12 (2014/07/30)
diff --git a/src/decoder/DsfDecoderPlugin.cxx b/src/decoder/DsfDecoderPlugin.cxx
index ad5483c32..9fbfe9cda 100644
--- a/src/decoder/DsfDecoderPlugin.cxx
+++ b/src/decoder/DsfDecoderPlugin.cxx
@@ -238,7 +238,7 @@ dsf_decode_chunk(Decoder &decoder, InputStream &is,
 const unsigned buffer_samples = buffer_frames * frame_size;
 const size_t buffer_size = buffer_samples * sample_size;
- while (chunk_size > 0) {
+ while (chunk_size >= frame_size) {
 /* see how much aligned data from the remaining chunk fits into the local buffer */
 size_t now_size = buffer_size;
From 78abcd7df7ad967c44c884773cc7d39cf3c811a9 Mon Sep 17 00:00:00 2001
From: Max Kellermann
Date: Thu, 21 Aug 2014 12:48:03 +0200
Subject: [PATCH 2/2] decoer/dsdiff: fix endless loop on malformed file
Same bug as in the previous commit.
---
 NEWS | 2 +-
 src/decoder/DsdiffDecoderPlugin.cxx | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/NEWS b/NEWS
index 208462999..ee9240410 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,6 @@
 ver 0.18.13 (not yet released)
 * decoder
- - dsf: fix endless loop on malformed file
+ - dsdiff, dsf: fix endless loop on malformed file
 - ffmpeg: support ffmpeg/libav version 11
 ver 0.18.12 (2014/07/30)
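Review bot: The new condition `while (chunk_size >= frame_size)` in dsf_decode_chunk (src/decoder/DsfDecoderPlugin.cxx) stops the loop on a trailing partial frame, but termination on untrusted input still depends on each pass consuming at least one frame, and nothing in the hunk documents or checks that. `buffer_size` is derived from `buffer_frames`, which is computed above the hunk; if a channel count taken from the file could make it zero, `now_size` would start at zero and the loop would presumably stall again, so that bound is worth confirming. I would add a comment on the loop such as `/* a trailing partial frame is never decoded; waiting for it would loop forever */`. After the loop up to `frame_size - 1` bytes of the chunk remain unread, so the code following it (outside the hunk) should skip them if the caller keeps reading the stream. The same points apply to the dsdiff_decode_chunk hunk in src/decoder/DsdiffDecoderPlugin.cxx.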
diff --git a/src/decoder/DsdiffDecoderPlugin.cxx b/src/decoder/DsdiffDecoderPlugin.cxx
index 60b2e7624..767395215 100644
--- a/src/decoder/DsdiffDecoderPlugin.cxx
+++ b/src/decoder/DsdiffDecoderPlugin.cxx
@@ -377,7 +377,7 @@ dsdiff_decode_chunk(Decoder &decoder, InputStream &is,
 const unsigned buffer_samples = buffer_frames * frame_size;
 const size_t buffer_size = buffer_samples * sample_size;
- while (chunk_size > 0) {
+ while (chunk_size >= frame_size) {
 /* see how much aligned data from the remaining chunk fits into the local buffer */
 size_t now_size = buffer_size;
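Review bot: The buffer sizing and loop head in dsdiff_decode_chunk are line-for-line the same as the ones patched in dsf_decode_chunk by the previous commit, which is why the same malformed-file hang had to be fixed twice. If the rest of the two loops matches as well (the bodies are outside the hunk), moving the shared read loop into one helper used by both plugins would keep a future input-validation fix from landing in only one decoder. Short of that, a comment on each loop pointing at its twin, such as `/* keep in sync with dsf_decode_chunk() */`, would help the next maintainer.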