Bugs item #3474924, was opened at 2012-01-17 04:56
Message generated for change (Comment added) made by uklauer
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=110706&aid=3474924&group_id=10706

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Closed
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: https://login.launchpad.net/+id ()
Assigned to: Nobody/Anonymous (nobody)
Summary: Buffer overrun during FLAC encoding

Initial Comment:
I experience this issue with a simple sox_read/sox_write loop with libsox.

"write_samples" in flac.c doesn't check if "len" is greater than the size of 
the allocated buffer "decoded_samples." If so, a buffer overrun can occur. 
"decoded_samples" is set to sox_globals.bufsiz, so any call to sox_write with a 
length of more than sox_globals.bufsiz will overrun the buffer.

I've attached a not-very-well tested potential patch that clamps the input 
length to the size of the buffer.

----------------------------------------------------------------------

>Comment By: Ulrich Klauer (uklauer)
Date: 2013-01-04 15:43

Message:
Included Eric’s fix.

----------------------------------------------------------------------

Comment By: eric_wong (eric_wong)
Date: 2012-05-29 23:19

Message:
I think it's slightly better to grow/allocate the buffer on demand (since
the buffer is rarely resized).
It's easier for a SoX newbie like myself to understand, at least.

Here's a patch for git-am:
http://bogomips.org/sox.git/patch/?id=2f70ed3966fb6762b1e958ebe9a21ecfef50c4c7

Also available via git pull:
  git pull git://bogomips.org/sox.git flac-encoder-overrun-3474924


----------------------------------------------------------------------
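
The two fixes discussed in this thread, clamping the write length versus growing the buffer on demand, side by side as an added example. It is not the attached patch, Eric's patch, or SoX's flac.c; `enc_t`, `convert`, `write_clamped` and `write_grow` are hypothetical names, and the scaling step and input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical encoder state; not SoX's own struct. */
typedef struct { int32_t *buf; size_t cap; } enc_t;  /* cap is in samples */

/* Convert n samples into e->buf; caller guarantees n <= e->cap. */
static void convert(enc_t *e, const int32_t *in, size_t n)
{
    for (size_t i = 0; i < n; i++)
        e->buf[i] = in[i] / 65536;  /* constructed scaling step */
}

/* Option 1, clamp: never exceed the buffer; caller must resubmit the rest. */
static size_t write_clamped(enc_t *e, const int32_t *in, size_t len)
{
    if (len > e->cap) len = e->cap;
    convert(e, in, len);
    return len;
}

/* Option 2, grow on demand: enlarge the buffer before converting. */
static size_t write_grow(enc_t *e, const int32_t *in, size_t len)
{
    if (len > e->cap) {
        if (len > SIZE_MAX / sizeof *e->buf) return 0;  /* size would wrap */
        int32_t *p = realloc(e->buf, len * sizeof *e->buf);
        if (p == NULL) return 0;  /* old buffer is still valid and owned by e */
        e->buf = p;
        e->cap = len;
    }
    convert(e, in, len);
    return len;
}

int main(void)
{
    int32_t in[10];
    enc_t e = { malloc(4 * sizeof(int32_t)), 4 };
    if (e.buf == NULL) return 1;
    for (int i = 0; i < 10; i++) in[i] = (i + 1) * 65536;  /* constructed input */
    size_t a = write_clamped(&e, in, 10);  /* short write: buffer holds 4 */
    size_t b = write_grow(&e, in, 10);     /* buffer grown to hold all 10 */
    printf("clamped=%zu grown=%zu cap=%zu\n", a, b, e.cap);
    free(e.buf);
    return 0;
}
```

With clamping, a caller that ignores the short return value silently drops samples; with growth, the only failure case is allocation, reported as zero samples written.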

_______________________________________________
SoX-devel mailing list
SoX-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sox-devel
