On Sat, Dec 13, 2008 at 04:30:52PM +0100, Kurt Roeckx wrote: > tags 508133 + patch security > thanks > > On Tue, Dec 09, 2008 at 06:59:08AM +0100, Max Kellermann wrote: > > > > It's a raw PCM file (16 bit stereo, 44.1 or 48 kHz). The crash is > > reproducible by invoking "audacity libmad-crash-test". > > I've attached a diff that fixes it for me. But I'm not really > happy with it. > > I'm abusing the MAD_ERROR_LOSTSYNC which make it an existing > recoverable error. I should probably create new errors instead. > > I'm also not sure that the changes I've made in layer12.c also > don't affect layer3.c. I just didn't see such problems in layer3.c > with your test file. >
An other comment is that the checks in layer12.c might not be completly correct and that it only gives an error 1 byte after frame has ended. But I think it shouldn't be a problem because of the MAD_BUFFER_GUARD. Kurt -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
