Hi Rogerio, would you apply the attached patch, courtesy of Maks Naumov, to LAME upstream?
Thanks!

Cheers,
Fabian

On Thursday, 22.01.2015, at 00:05 +0100, Jakub Wilk wrote:
> Package: lame
> Version: 3.99.5+repack1-5
> Usertags: afl
>
> lame crashes while trying to compress the attached WAV file, which
> apparently has bogus sample rate:
>
> $ lame crash.wav
> LAME 3.99.5 32bits (http://lame.sf.net)
> CPU features: MMX (ASM used), 3DNow! (ASM used), SSE (ASM used), SSE2
> Resampling: input -2.14748e+06 kHz output 8 kHz
> Using polyphase lowpass filter, transition band: 3000 Hz - 3097 Hz
> Encoding crash.wav to crash.mp3
> Encoding as 8 kHz single-ch MPEG-2.5 Layer III (16x) 8 kbps qval=3
> Frame | CPU time/estim | REAL time/estim | play/CPU | ETA
> 0/ ( 0%)| 0:00/ : | 0:00/ : | x|
> :
> 00:00------------------------------------------------------------------
> kbps % %
> 0.0 Segmentation fault
>
>
> This bug was found using American fuzzy lop:
> https://packages.debian.org/experimental/afl
>
> Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the
> first crash (which took a few seconds). It's likely that extensive
> fuzzing would uncover more interesting crashers. I'd encourage LAME
> maintainers to perform fuzzing with AFL on their own. :-)
>
>
> -- System Information:
> Debian Release: 8.0
> APT prefers unstable
> APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
>
> Versions of packages lame depends on:
> ii libc6 2.19-13
> ii libmp3lame0 3.99.5+repack1-5
> ii libncurses5 5.9+20140913-1+b1
> ii libtinfo5 5.9+20140913-1+b1
>
> _______________________________________________
> pkg-multimedia-maintainers mailing list
> [email protected]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
>

-------- Forwarded Message --------
From: Maks Naumov <[email protected]>
Reply-to: Maks Naumov <[email protected]>, [email protected]
To: [email protected]
Subject: Bug#775959: Patch for this issue
Date: Thu, 22 Jan 2015 16:22:50 +0200

Need to check for input sample rate.
From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001 From: Maks Naumov <[email protected]> Date: Thu, 22 Jan 2015 16:20:40 +0200 Subject: [PATCH] Add check for invalid input sample rate Signed-off-by: Maks Naumov <[email protected]> --- libmp3lame/lame.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/libmp3lame/lame.c b/libmp3lame/lame.c index 5989160..51d689c 100644 --- a/libmp3lame/lame.c +++ b/libmp3lame/lame.c @@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp) } #endif + if (gfp->samplerate_in < 0) { + freegfc(gfc); + gfp->internal_flags = NULL; + return -1; + } + cfg->disable_reservoir = gfp->disable_reservoir; cfg->lowpassfreq = gfp->lowpassfreq; cfg->highpassfreq = gfp->highpassfreq; -- 1.9.4.msysgit.1
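
Review bot: the check added in lame_init_params() only rejects `gfp->samplerate_in < 0`, so an input rate of 0 or an implausibly large positive value from a malformed header still reaches the resampling setup. Unless 0 has a defined meaning for the input rate, consider `<= 0` together with an upper bound, so the whole class of bogus rates that the afl report points at is refused in one place. The early `return -1` also fails without any diagnostic: reporting the rejected rate before `freegfc(gfc)` would let a caller tell a bad input file apart from other initialisation failures, and a one-line comment stating why the rate is validated here would document the intent.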

