On Tue, Dec 09, 2014 at 11:33:39AM -0800, Erik de Castro Lopo wrote:
> Janne Hyvärinen wrote:
> > I think it would be better to let the decoder
> > continue its work when possible and perform input validation where it's
> > relevant.
>
> I also completely agree with this.
>
> I will take a look at these CVE fixes over the next couple of days.
> Feel free to ping me if you don't hear anything by early next week.

I think the CVE fixes are good, even if there were no security
implications. A function that reads residuals can't return success if it
didn't read any residuals. If it breaks seeking, it means there is a bug
somewhere else. A reproducer would be useful.

-- 
Miroslav Lichvar