From abdd1967ad55bdc939aea619f3b6a12eb4fb00d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= Date: Thu, 28 Sep 2023 18:03:31 +0300 Subject: [PATCH] flacenc: Correctly handle up to 255 cue entries The counter was using a signed 8 bit integer, which was overflowing after 127 entries. That was then passed as an unsigned 32 bit integer to libflac, which caused it to be converted to a huge unsigned number. That then caused an invalid memory access inside libflac. As a bonus, signed integer overflow is undefined behaviour. Instead, use an unsigned 8 bit integer. Once this overflows the existing code already catches it and stops adding the cue. While FLAC__metadata_object_cuesheet_insert_track() takes an unsigned 32 bit integer for the track number, FLAC__StreamMetadata_CueSheet_Track is limiting it to an unsigned 8 bit integer. Fixes https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2921 Part-of: --- subprojects/gst-plugins-good/ext/flac/gstflacenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/subprojects/gst-plugins-good/ext/flac/gstflacenc.c b/subprojects/gst-plugins-good/ext/flac/gstflacenc.c index ce91231624..266c69fc83 100644 --- a/subprojects/gst-plugins-good/ext/flac/gstflacenc.c +++ b/subprojects/gst-plugins-good/ext/flac/gstflacenc.c @@ -484,7 +484,7 @@ static gboolean add_cuesheet (const GstToc * toc, guint sample_rate, FLAC__StreamMetadata * cuesheet) { - gint8 track_num = 0; + guint8 track_num = 0; gint64 start, stop; gchar *isrc = NULL; const gchar *is_legal;
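Review bot: The new `guint8 track_num = 0;` declaration in add_cuesheet() is only safe because of a wrap-around check that this hunk does not show, so the type now carries an undocumented contract. The commit message says the existing code catches the overflow and stops adding the cue, but nothing at the declaration tells a later reader that the width is deliberate, and changing it back to a signed or wider type would silently disable that check. Please add a short comment at the declaration saying the counter is 8 bits wide to match the track number in FLAC__StreamMetadata_CueSheet_Track and that the overflow check relies on it wrapping to 0. Better still, compare against G_MAXUINT8 before incrementing, so that the limit is explicit rather than inferred from wrap-around. Since the original failure was an invalid memory access inside libflac, a regression test that feeds a TOC with 128 entries and one with more than 255 entries would confirm both the fix and the cut-off behaviour.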