flacenc: Correctly handle up to 255 cue entries (!5420) · Merge requests · GStreamer / gstreamer

Sebastian Dröge requested to merge slomo/gstreamer:flacenc-no-crash-on-big-cue into main Sep 28, 2023

The counter was using a signed 8 bit integer, which was overflowing after 127 entries. That was then passed as an unsigned 32 bit integer to libflac, which caused it to be converted to a huge unsigned number. That then caused an invalid memory access inside libflac.

As a bonus, signed integer overflow is undefined behaviour.

Instead, use an unsigned 8 bit integer. Once this overflows the existing code already catches it and stops adding the cue. While FLAC__metadata_object_cuesheet_insert_track() takes an unsigned 32 bit integer for the track number, FLAC__StreamMetadata_CueSheet_Track is limiting it to an unsigned 8 bit integer.

Fixes #2921 (closed)

flacenc: Correctly handle up to 255 cue entries

Merge request reports