[mpg123-users] mpg123 1.31.3 released (with security fix)
Brought to you by:
sobukus
Menu
▾
▴
[mpg123-users] mpg123 1.31.3 released (with security fix)
|
From: Thomas O. <tho...@or...> - 2023-03-19 21:50:29
|
Dear folks, there is a new bugfix release of mpg123 out: 1.31.3 ------ - build: -- Fix --disable-8bit. -- Fall back to generic decoder if no yasm for MSVC (bug 346). -- Fix some pedantic compiler warnings, avoid breaking libtool wrappers. - mpg123: -- Fix verbose position printout for new resampling outside libmpg123 (where output rate differs from decoding rate). - libsyn123: -- Fix reconfiguration of resampler to avoid double free when reducing decimator stages to zero (bug 350). Thanks to Youngseok Choi for reporting this fuzzed issue. The last one is triggered in mpg123 you enable resampling to a low sampling rate and have input that switches around input sampling rate on the fly, reducing the number of necessary decimator stages to zero. There is the same memory location freed two times in quick succession (without explicit allocations in between) and the decoding ends due to the failure to adapt the resampler. The corrected version adapts the resampler state to properly switch between down- and upsampling, even. Libmpg123 itself is not affected at all, just direct libsyn123 usage or the mpg123 binary. Alrighty then, Thomas |
