
#316 assertion failed in bitreader.c

Milestone: 1.3.0
Status: closed-fixed
Owner: Erik
Labels: libFLAC (59)
Priority: 5
Updated: 2015-10-04
Created: 2007-12-02
Creator: Anonymous
Private: No

In libFLAC 1.2.1, if the stream decoder callback does not completely fill the supplied buffer, then a sync error is quickly reported by flac. If compiled with --enable-debug, I get "../../../src/libFLAC/bitreader.c:1074: failed assertion `cbits < 32'".

The bug can be reproduced easily by patching test_libFLAC:

static FLAC__StreamDecoderReadStatus stream_decoder_read_callback_(const FLAC__StreamDecoder *decoder, FLAC__byte buffer[], size_t *bytes, void *client_data)
{
StreamDecoderClientData *dcd = (StreamDecoderClientData*)client_data;
- const size_t requested_bytes = *bytes;
+ size_t requested_bytes = *bytes;
+
+ if (requested_bytes > 3 && (rand() % 3)==0)
+ requested_bytes = requested_bytes/3;

(void)decoder;
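Review bot: the hunk changes only the local `requested_bytes`; the lines that consume it (the read into `buffer` and the assignment back to `*bytes`) are outside the shown context, so a reader cannot confirm from the hunk alone that the shortened count is what the decoder is told. Extending the context to include those lines would make the reproduction self-contained. Also, `rand()` is never seeded in this hunk, so the pattern of short reads is identical on every run; that is helpful for reproducibility and worth stating in the report.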

I am transitioning from flac 1.1.2, so the only thing I am sure of is that it used to work in 1.1.2.

Platform is Darwin, configure options are:
../configure --with-pic --disable-ogg --disable-asm-optimizations --enable-debug

--
Julien (hules@free.fr)

Discussion

    Josh Coalson - 2007-12-02
    • assigned_to: nobody --> jcoalson
     
    Richard Nixon - 2008-06-19

    I'm not an expert on flac by any means, but looking logically at what FLAC__bitreader_read_rice_signed_block() is trying to do when dealing with trailing bytes, shouldn't the code read something like ...

    else {
        uval += end - cbits;
        cbits = end;   /* >>> changed line: was 'cbits += end' */
        FLAC__ASSERT(cbits < FLAC__BITS_PER_WORD);
        /* didn't find stop bit yet, have to keep going... */
    }

    ... i.e. when this state occurs, should cbits be set to either 'end' or 0 rather than 'cbits += end'?

    I have to confess I've got little idea about what on earth this function is doing though.

     
    Richard Nixon - 2008-06-19

    I should have said in my previous comment that I've tried both 0 and 'end' (in the non-_MSC_VER version). Both values make the assertion disappear and the music still sounds the same for both. Mmmm.

    Erik - 2014-03-21
    • status: open --> open-works-for-me
    • assigned_to: Josh Coalson --> Erik
    • Group: --> 1.3.0
     
    Erik - 2014-03-21

    Is this still a problem?

     
    Erik - 2015-03-12

    Inspired by this ticket, I tried running flac compiled with assertions on under the american-fuzzy-lop fuzzer. Immediately found some assertions being triggered.

     
    Erik - 2015-10-04

    A whole bunch of bugs were found and fixed during fuzzing. Assuming this one has also been fixed.

     
    Erik - 2015-10-04
    • status: open-works-for-me --> closed-fixed
     
