flac: fix crash on corrupt metadata (CVE-2017-15371)

author: Mans Rullgard <mans@mansr.com> 2017-11-05 15:57:48 +0000
committer: Mans Rullgard <mans@mansr.com> 2017-11-05 17:04:34 +0000
commit: 818bdd0ccc1e5b6cae742c740c17fd414935cf39 (patch)
tree: 774cebf4948788fc907c8878d26f360ee0c95f1c
parent: 600c291ab00f4afb2941cd93f69942fe395f3e8a (diff)
download: sox-818bdd0ccc1e5b6cae742c740c17fd.tar.gz
1 files changed, 5 insertions, 3 deletions
diff --git a/src/flac.c b/src/flac.c
index 0d7829ec..07f45c1b 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -119,9 +119,10 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL
      p->total_samples = metadata->data.stream_info.total_samples;
    }
    else if (metadata->type == FLAC__METADATA_TYPE_VORBIS_COMMENT) {
+    const FLAC__StreamMetadata_VorbisComment *vc = &metadata->data.vorbis_comment;
      size_t i;
  
-    if (metadata->data.vorbis_comment.num_comments == 0)
+    if (vc->num_comments == 0)
        return;
  
      if (ft->oob.comments != NULL) {
@@ -129,8 +130,9 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL
        return;
      }
  
-    for (i = 0; i < metadata->data.vorbis_comment.num_comments; ++i)
-      sox_append_comment(&ft->oob.comments, (char const *) metadata->data.vorbis_comment.comments[i].entry);
+    for (i = 0; i < vc->num_comments; ++i)
+      if (vc->comments[i].entry)
+        sox_append_comment(&ft->oob.comments, (char const *) vc->comments[i].entry);
    }
  }
author	Mans Rullgard <mans@mansr.com>	2017-11-05 15:57:48 +0000
committer	Mans Rullgard <mans@mansr.com>	2017-11-05 17:04:34 +0000
commit	818bdd0ccc1e5b6cae742c740c17fd414935cf39 (patch)
tree	774cebf4948788fc907c8878d26f360ee0c95f1c
parent	600c291ab00f4afb2941cd93f69942fe395f3e8a (diff)
download	sox-818bdd0ccc1e5b6cae742c740c17fd.tar.gz