In libFLAC 1.2.1, if the stream decoder callback does not completely fill the supplied buffer, then a sync error is quickly reported by flac. If compiled with --enable-debug, I get "../../../src/libFLAC/bitreader.c:1074: failed assertion `cbits < 32'".
The bug can be reproduced easily by patching test_libFLAC:
static FLAC__StreamDecoderReadStatus stream_decoder_read_callback_(const FLAC__StreamDecoder *decoder, FLAC__byte buffer[], size_t *bytes, void *client_data)
{
StreamDecoderClientData *dcd = (StreamDecoderClientData*)client_data;
- const size_t requested_bytes = *bytes;
+ size_t requested_bytes = *bytes;
+
+ if (requested_bytes > 3 && (rand() % 3)==0)
+ requested_bytes = requested_bytes/3;
(void)decoder;
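Review bot: the hunk ends at `(void)decoder;`, before the read itself, so it does not show whether the reduced `requested_bytes` is written back to `*bytes` after the read; a read callback that delivers fewer bytes than requested must report the actual count in `*bytes`, otherwise the decoder treats the unfilled remainder of the buffer as stream data and the sync error would be caused by the test patch rather than by libFLAC. Also, `rand()` is never seeded, so the short reads land at the same positions on every run; that is fine for a reproducer but worth stating alongside the patch.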
I am transitioning from flac 1.1.2, so the only thing I am sure of is that it used to work in 1.1.2.
Platform is Darwin; configure options are:
../configure --with-pic --disable-ogg --disable-asm-optimizations --enable-debug
--
Julien ( hules@free.fr )
Logged In: YES
user_id=2123080
Originator: NO
I'm not an expert on flac by any means, but looking logically at what FLAC__bitreader_read_rice_signed_block() is trying to do when dealing with trailing bytes, shouldn't the code read something like ...
>>> cbits = end;
FLAC__ASSERT(cbits < FLAC__BITS_PER_WORD);
/* didn't find stop bit yet, have to keep going... */
}
... when this state occurs, should cbits be set to either 'end' or 0 rather than 'cbits += end'?
I have to confess I've got little idea about what on earth this function is doing though.
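For readers who, like the commenter above, want to see what a Rice signed block reader has to track at a word boundary, here is an added, self-contained example; it is not libFLAC's code and does not claim to mirror FLAC__bitreader_read_rice_signed_block() line for line. The struct, function names and the MSB-first 32-bit word layout are assumptions made for the illustration. It decodes unary-prefix Rice residuals from a word buffer whose last word is partial (the state a short read callback leaves behind), carries a zero run across a word boundary with cbits restarting at 0 for the new word instead of accumulating, and returns "out of data" rather than tripping a `cbits < 32` assertion when a run reaches the end of the valid bits. The sample bit stream is constructed by hand for this example, not taken from any FLAC file.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_WORD 32u

/* Bit stream stored MSB-first in 32-bit words: `words` complete words followed
 * by one optional partial word with `tail_bits` valid bits in its top bits.
 * The partial word models a read callback that returned fewer bytes than asked. */
typedef struct {
    const uint32_t *buffer;
    size_t words;
    unsigned tail_bits;
    size_t word;     /* word currently being consumed */
    unsigned cbits;  /* bits already consumed from that word; invariant: < 32 */
} BitReader;

/* Unconsumed valid bits in the current word, 0 when the data is exhausted. */
static unsigned bits_left_in_word(const BitReader *br) {
    if (br->word < br->words) return BITS_PER_WORD - br->cbits;
    if (br->word == br->words && br->cbits < br->tail_bits) return br->tail_bits - br->cbits;
    return 0;
}

/* Consume nbits; when a word is finished, cbits wraps to 0 for the next word. */
static void advance(BitReader *br, unsigned nbits) {
    br->cbits += nbits;
    if (br->cbits == BITS_PER_WORD) { br->word++; br->cbits = 0; }
    assert(br->cbits < BITS_PER_WORD);  /* the invariant the ticket's assertion checks */
}

static unsigned clz32(uint32_t v) {  /* caller guarantees v != 0 */
    unsigned n = 0;
    while (!(v & 0x80000000u)) { v <<= 1; n++; }
    return n;
}

/* Remaining valid bits of the current word, left-aligned, invalid tail masked off. */
static uint32_t peek_word(const BitReader *br, unsigned valid) {
    uint32_t w = br->buffer[br->word] << br->cbits;
    if (valid < BITS_PER_WORD) w &= 0xFFFFFFFFu << (BITS_PER_WORD - valid);
    return w;
}

/* Unary value: number of 0 bits before the 1 stop bit. -1 if data ends first. */
static int read_unary(BitReader *br, uint32_t *out) {
    uint32_t count = 0;
    for (;;) {
        unsigned valid = bits_left_in_word(br);
        if (valid == 0) return -1;             /* need more bytes from the callback */
        uint32_t w = peek_word(br, valid);
        if (w != 0) {
            unsigned lz = clz32(w);
            advance(br, lz + 1);               /* the zeros plus the stop bit */
            *out = count + lz;
            return 0;
        }
        /* No stop bit in this word: carry the zero count into the next word.
         * advance() restarts cbits at 0 there; it must not keep accumulating. */
        count += valid;
        advance(br, valid);
    }
}

/* Reads n (1..32) bits MSB-first, possibly spanning two words. */
static int read_bits(BitReader *br, unsigned n, uint32_t *out) {
    uint32_t val = 0;
    while (n > 0) {
        unsigned valid = bits_left_in_word(br);
        if (valid == 0) return -1;
        unsigned take = n < valid ? n : valid;
        uint32_t chunk = peek_word(br, valid) >> (BITS_PER_WORD - take);
        val = take == BITS_PER_WORD ? chunk : (val << take) | chunk;
        advance(br, take);
        n -= take;
    }
    *out = val;
    return 0;
}

/* Rice code, parameter k: unary quotient, k-bit remainder, then the zigzag
 * map 0,1,2,3,... -> 0,-1,1,-2,... used for signed residuals. */
static int read_rice_signed(BitReader *br, unsigned k, int32_t *out) {
    uint32_t q, r = 0;
    if (read_unary(br, &q)) return -1;
    if (k > 0 && read_bits(br, k, &r)) return -1;
    uint32_t u = (q << k) | r;
    *out = (int32_t)(u >> 1) ^ -(int32_t)(u & 1);
    return 0;
}

/* Decodes up to nvals residuals; returns how many were decoded before data ran out. */
static size_t read_rice_signed_block(BitReader *br, int32_t *vals, size_t nvals, unsigned k) {
    size_t i;
    for (i = 0; i < nvals; i++)
        if (read_rice_signed(br, k, &vals[i])) break;
    return i;
}

/* Constructed sample (not from a real file), k = 2: encodes -1, 5, -20, 0, 2, -50, 0
 * and then five zero bits of an unfinished unary run. Word 0 is complete; word 1 is
 * a partial word with 30 valid bits. The 24-zero run for -50 crosses the boundary. */
static const uint32_t sample_words[2] = { 0xA6007880u, 0x00001E00u };

static BitReader sample_reader(void) {
    BitReader br = { sample_words, 1, 30, 0, 0 };
    return br;
}

int main(void) {
    BitReader br = sample_reader();
    int32_t vals[8];
    size_t n = read_rice_signed_block(&br, vals, 8, 2);
    for (size_t i = 0; i < n; i++) printf("%d ", vals[i]);
    printf("\n%zu values decoded; ran out of data at word %zu, cbits %u\n", n, br.word, br.cbits);
    return 0;
}
```

With the sample above the eighth value's unary run reaches the end of the 30 valid bits without a stop bit, so the reader stops at word 1, cbits 30 and reports that more input is needed; a decoder built this way would ask its read callback for more bytes at that point instead of asserting.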
Logged In: YES
user_id=2123080
Originator: NO
I should have said in my previous comment that I've tried both 0 and 'end' (in the non-_MSC_VER version). Both values make the assertion disappear and the music still sounds the same for both. Mmmm.
Is this still a problem?
At least FLAC__bitreader_read_rice_signed_block() was heavily modified in the commit http://git.xiph.org/?p=flac.git;a=commitdiff;h=8d9e5c6e8e532207b839231a3dc6592272685d5a
P.S. see also https://sourceforge.net/p/flac/bugs/362/
Last edit: lvqcl 2015-03-01
Inspired by this ticket, I tried running flac compiled with assertions on under the american-fuzzy-lop fuzzer. Immediately found some assertions being triggered.
A whole bunch of bugs were found and fixed during fuzzing. Assuming this one has also been fixed.