Hi all, fortunately, this is all in the frontend code in frontend/get_audio.c:parse_wave_header() and not in the library. The bits_per_sample value is read from the corrupted file and is 0 in the case at hand. It is then used without further sanity checking in the following call
lame_set_num_samples(gfp, data_length / (channels * ((bits_per_sample + 7) / 8))); in which "bits_per_sample + 7" is 7, divided by 8 is 0, times "channels" remains 0. Unfortunately, this is the denominator of the division. Maybe we should "return -1" early if (bits_per_sample < 1). - Fabian _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
