Hi Rogerio,

would you apply the attached patch, courtesy of Maks Naumov, to LAME
upstream?

Thanks!

Cheers,

Fabian

On Thursday, 22.01.2015, at 00:05 +0100, Jakub Wilk wrote:
> Package: lame
> Version: 3.99.5+repack1-5
> Usertags: afl
> 
> lame crashes while trying to compress the attached WAV file, which 
> apparently has bogus sample rate:
> 
> $ lame crash.wav
> LAME 3.99.5 32bits (http://lame.sf.net)
> CPU features: MMX (ASM used), 3DNow! (ASM used), SSE (ASM used), SSE2
> Resampling:  input -2.14748e+06 kHz  output 8 kHz
> Using polyphase lowpass filter, transition band:  3000 Hz -  3097 Hz
> Encoding crash.wav to crash.mp3
> Encoding as 8 kHz single-ch MPEG-2.5 Layer III (16x)   8 kbps qval=3
>     Frame          |  CPU time/estim | REAL time/estim | play/CPU | ETA
>      0/       ( 0%)|    0:00/     :  |    0:00/     :  |         x| :
> 00:00------------------------------------------------------------------
>    kbps      %     %
>     0.0           Segmentation fault
> 
> 
> This bug was found using American fuzzy lop:
> https://packages.debian.org/experimental/afl
> 
> Disclaimer: I don't have spare CPU cycles, so I fuzzed only till the 
> first crash (which took a few seconds). It's likely that extensive 
> fuzzing would uncover more interesting crashers. I'd encourage LAME 
> maintainers to perform fuzzing with AFL on their own. :-)
> 
> 
> -- System Information:
> Debian Release: 8.0
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
> 
> Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
> 
> Versions of packages lame depends on:
> ii  libc6        2.19-13
> ii  libmp3lame0  3.99.5+repack1-5
> ii  libncurses5  5.9+20140913-1+b1
> ii  libtinfo5    5.9+20140913-1+b1
> 
> _______________________________________________
> pkg-multimedia-maintainers mailing list
> pkg-multimedia-maintainers@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
> 

-------- Forwarded Message --------
From: Maks Naumov <maksq...@ukr.net>
Reply-to: Maks Naumov <maksq...@ukr.net>, 775...@bugs.debian.org
To: 775...@bugs.debian.org
Subject: Bug#775959: Patch for this issue
Date: Thu, 22 Jan 2015 16:22:50 +0200

Need to check for input sample rate.

From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
From: Maks Naumov <maksqwe1@ukr.net>
Date: Thu, 22 Jan 2015 16:20:40 +0200
Subject: [PATCH] Add check for invalid input sample rate

Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
---
 libmp3lame/lame.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libmp3lame/lame.c b/libmp3lame/lame.c
index 5989160..51d689c 100644
--- a/libmp3lame/lame.c
+++ b/libmp3lame/lame.c
@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp)
     }
 #endif
 
+    if (gfp->samplerate_in < 0) {
+        freegfc(gfc);
+        gfp->internal_flags = NULL;
+        return -1;
+    }
+
     cfg->disable_reservoir = gfp->disable_reservoir;
     cfg->lowpassfreq = gfp->lowpassfreq;
     cfg->highpassfreq = gfp->highpassfreq;
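
Review bot: the guard added at the top of this hunk, `if (gfp->samplerate_in < 0)`, rejects only negative rates, so a rate of 0 or an implausibly large positive value taken from a malformed input header still reaches the `cfg->` assignments that follow. Please check whether `<= 0` is the intended test and whether an upper bound belongs in the same condition, and add a one-line comment stating that the value can come from an untrusted file header. The early return frees `gfc` and clears `gfp->internal_flags`, but the caller gets only `-1`; a diagnostic naming the rejected sample rate would make the failure easier to trace than the crash in the report.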
-- 
1.9.4.msysgit.1
