#192 Buffer overrun during FLAC encoding

Status: closed-fixed
Owner: nobody
Labels: None
Priority: 5
Updated: 2013-01-04
Created: 2012-01-17
Creator: Anonymous
Private: No

I experience this issue with a simple sox_read/sox_write loop with libsox.

"write_samples" in flac.c doesn't check if "len" is greater than the size of the allocated buffer "decoded_samples". If so, a buffer overrun can occur. "decoded_samples" is set to sox_globals.bufsiz, so any call to sox_write with a length of more than sox_globals.bufsiz will overrun the buffer.

I've attached a not-very-well tested potential patch that clamps the input length to the size of the buffer.
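The pattern in the report, as a stand-alone C example added here for illustration (it is not SoX's flac.c, not the attached patch, and not the patch from the discussion): a scratch buffer is allocated once from a global buffer size, and the write function trusts the caller's `len`. The example places sentinel slots directly after the buffer, inside the same allocation, so the overrun lands in memory the program owns and can be inspected rather than corrupting the heap. It then shows the two repairs the thread talks about: the clamp from the report, which returns a short count that the caller must loop on, and the grow-on-demand alternative proposed in the discussion. All names (`flac_priv_t`, `write_samples_*`, `DEMO_BUFSIZ`, `GUARD_SLOTS`) and the buffer size are assumptions for the demo, not libsox identifiers, and the input samples are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#define DEMO_BUFSIZ 8               /* stand-in for sox_globals.bufsiz (assumed value) */
#define DEMO_LEN (DEMO_BUFSIZ + 4)  /* constructed request: longer than the buffer */
#define GUARD_SLOTS 8               /* sentinel slots kept right after the buffer, */
#define GUARD_VALUE 0x5A5A5A5A      /* inside the same allocation, to catch an overrun */
typedef struct {
    int32_t *decoded_samples; /* scratch buffer handed to the encoder */
    size_t   buf_len;         /* usable slots, not counting the guard */
} flac_priv_t;

static void place_guard(flac_priv_t *p) {
    for (size_t i = 0; i < GUARD_SLOTS; i++)
        p->decoded_samples[p->buf_len + i] = GUARD_VALUE;
}

/* Mirrors the reported allocation: sized once from the global buffer size. */
int priv_init(flac_priv_t *p) {
    p->buf_len = DEMO_BUFSIZ;
    p->decoded_samples = malloc((p->buf_len + GUARD_SLOTS) * sizeof(int32_t));
    if (!p->decoded_samples) return -1;
    place_guard(p);
    return 0;
}
void priv_free(flac_priv_t *p) { free(p->decoded_samples); p->decoded_samples = NULL; }

/* 1 if every sentinel slot is untouched, 0 if an overrun reached them. */
int guard_intact(const flac_priv_t *p) {
    for (size_t i = 0; i < GUARD_SLOTS; i++)
        if (p->decoded_samples[p->buf_len + i] != GUARD_VALUE) return 0;
    return 1;
}

/* The reported shape: len is never compared with buf_len, so a request
 * longer than the buffer writes past its end. */
size_t write_samples_unchecked(flac_priv_t *p, const int32_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++)
        p->decoded_samples[i] = buf[i] >> 8;
    return len;
}

/* Fix A, the clamp: take at most buf_len samples per call and report the
 * short count; the remainder is the caller's to resubmit. */
size_t write_samples_clamped(flac_priv_t *p, const int32_t *buf, size_t len) {
    if (len > p->buf_len) len = p->buf_len;
    for (size_t i = 0; i < len; i++)
        p->decoded_samples[i] = buf[i] >> 8;
    return len;
}

/* Caller side of fix A: loop on the short count until everything is taken.
 * Without this loop the clamp silently drops the tail of every long write. */
size_t encode_all_clamped(flac_priv_t *p, const int32_t *buf, size_t len) {
    size_t done = 0;
    while (done < len) {
        size_t n = write_samples_clamped(p, buf + done, len - done);
        if (n == 0) break;
        done += n;
    }
    return done;
}

/* Fix B, grow on demand: enlarge the buffer when the request exceeds it, and
 * fail the write (return 0) rather than overrun if the enlargement fails. */
size_t write_samples_grow(flac_priv_t *p, const int32_t *buf, size_t len) {
    if (len > p->buf_len) {
        int32_t *bigger = realloc(p->decoded_samples, (len + GUARD_SLOTS) * sizeof(int32_t));
        if (!bigger) return 0;          /* old buffer is still valid here */
        p->decoded_samples = bigger;
        p->buf_len = len;
        place_guard(p);
    }
    for (size_t i = 0; i < len; i++)
        p->decoded_samples[i] = buf[i] >> 8;
    return len;
}
typedef size_t (*write_fn)(flac_priv_t *, const int32_t *, size_t);

/* Drive one variant with an oversized request against a fresh state. Returns
 * 1 if the guard survived, 0 if it was clobbered, -1 if init failed; *accepted
 * receives the sample count the variant reported. */
int run_variant(write_fn fn, size_t *accepted) {
    int32_t in[DEMO_LEN];
    for (size_t i = 0; i < DEMO_LEN; i++) in[i] = (int32_t)(i * 256);
    flac_priv_t p;
    if (priv_init(&p) < 0) return -1;
    *accepted = fn(&p, in, DEMO_LEN);
    int ok = guard_intact(&p);
    priv_free(&p);
    return ok;
}

int main(void) {
    struct { const char *name; write_fn fn; } v[] = {
        {"unchecked", write_samples_unchecked}, {"clamped, single call", write_samples_clamped},
        {"clamped, caller loops", encode_all_clamped}, {"grow on demand", write_samples_grow}};
    for (size_t i = 0; i < sizeof v / sizeof v[0]; i++) {
        size_t n = 0;
        int ok = run_variant(v[i].fn, &n);
        printf("%-22s guard %s, accepted %zu of %d\n", v[i].name,
               ok < 0 ? "init failed" : ok ? "intact" : "CLOBBERED", n, DEMO_LEN);
    }
    return 0;
}
```

Two things worth noting when choosing between the fixes. A clamp is only safe if every caller honours the short return value; a caller that assumes the whole request was taken loses audio silently instead of crashing, which is harder to notice than the overrun it replaces. Growing the buffer keeps the one-call contract but adds an allocation failure path that must return an error rather than fall through to the copy loop, and it leaves a buffer as large as the largest request ever seen.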

Discussion

  • eric_wong
    2012-05-30

    I think it's slightly better to grow/allocate the buffer on demand (since the buffer is rarely resized).
    It's easier for a SoX newbie like myself to understand, at least.

    Here's a patch for git-am:
    http://bogomips.org/sox.git/patch/?id=2f70ed3966fb6762b1e958ebe9a21ecfef50c4c7

    Also available via git pull:
    git pull git://bogomips.org/sox.git flac-encoder-overrun-3474924

  • Ulrich Klauer
    2013-01-04

    • status: open --> closed-fixed
  • Ulrich Klauer
    2013-01-04

    Included Eric’s fix.