Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f80bf9a259e_5774_id5_1.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
It seems the code assumed that when one out of multiple blocks fail
some span of time is correct, its not, its some channels
that are correct
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f44a03ba3ce_5692_id5_1.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This fixes decoding, broken since 7e35037.
This is similar to what was done for the normal mp3 decoder in
f4a86bc9.
Signed-off-by: Martin Storsjö <martin@martin.st>
The CONFIG_ name-space is set by configure, so its better to use a
different prefix here.
This also unifies the encoder & decoder define that is used
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This is similar to the fix in 35cbc98b.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
The value should be always 3, as it follows from the specification.
Fix a stack buffer overflow in exponents_from_scale_factors as reported
by asan. Thanks to Dale Curtis for the sample vector.
I was sadly unable to find a non fuzzed mp3 that uses the
feature that contained the bug (and i searched hard ...), thus
while this fixes the security issue. It may or may not fix
mixed blocks in 8khz mp3s, i cant say due to lack of samples to test.
Security issue exists since: b37d945dd4
Reported-by: Dale Curtis <dalecurtis@google.com>
(Probably) Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
The assert can be false with some invalid inputs, the check is
too expensive to always do though for just a warning message.
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
MP3 fixed and floating point decoders are optimized
for MIPS architecture.
Signed-off-by: Nedeljko Babic <nbabic@mips.com>
Reviewed-by: Vitor Sessak <vitor1001@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
In hybrid frames long window part ends at 36 samples for most of the cases
but at 72 for 8kHz case. For some reason decoder assumed it's 48 or even 36
samples, which caused wrong bitstream decoding for such blocks.
l3_25207.mpg from conformance suite demonstrates it the best.
Looks like some LAME versions produce dual stereo mode MP3s with
flags for intensity and middle stereo set. In this mode those flags
should be ignored like the reference decoder and derived ones do.
In most places where it's used, it's as a pointless write-only field.
Only rv10 decoder actually reads from it, but it stores some internal
version info in it. There is no reason for it to be in a public field.
It appears there are corner cases with damaged input that can lead
to small overreads.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Michael Niedermayer
Martin Storsjö
Diego Biurrun
Paul B Mahol
Clément Bœsch
Anton Khirnov
Justin Ruggles
Ronald S. Bultje
Luca Barbato
Nedeljko Babic
Kostya Shishkov