
flacenc: Correctly handle up to 255 cue entries

The counter was using a signed 8 bit integer, which was overflowing after 127 entries. That was then passed as an unsigned 32 bit integer to libflac, which caused it to be converted to a huge unsigned number. That then caused an invalid memory access inside libflac.

As a bonus, signed integer overflow is undefined behaviour.

Instead, use an unsigned 8 bit integer. Once this overflows the existing code already catches it and stops adding the cue. While FLAC__metadata_object_cuesheet_insert_track() takes an unsigned 32 bit integer for the track number, FLAC__StreamMetadata_CueSheet_Track is limiting it to an unsigned 8 bit integer.

Fixes #2921 (closed)
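As an added illustration (not code from GStreamer or libflac), the C stand-in below simulates the loop the description refers to with both counter types. The hypothetical fake_insert_track() replaces FLAC__metadata_object_cuesheet_insert_track() and merely records and range-checks the uint32_t it receives; the real library performs no such check, which is where the invalid memory access comes from. The wrap-to-zero guard in the fixed variant is an assumption about how the existing code stops adding entries.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the libflac call: accepts a uint32_t track index, records the
 * largest value seen, and only accepts values that fit the 8-bit cuesheet track field.
 * The real function trusts the value, so a huge index means an out-of-bounds access. */
static bool fake_insert_track(uint32_t track_num, uint32_t *seen_max) {
    if (track_num > *seen_max) *seen_max = track_num;
    return track_num <= UINT8_MAX;
}

/* Buggy variant: signed 8-bit counter, as before the fix. Returns how many entries the
 * sink accepted; *seen_max receives the largest index that reached the sink. */
static unsigned add_cues_signed(unsigned n_entries, uint32_t *seen_max) {
    int8_t i = 0;
    unsigned accepted = 0;
    *seen_max = 0;
    for (unsigned e = 0; e < n_entries; e++) {
        /* i == -128 converts to 4294967168 here: the "huge unsigned number" from the report */
        if (!fake_insert_track((uint32_t) i, seen_max)) break;
        accepted++;
        i++; /* wraps to -128 after 127 (implementation-defined for int8_t; UB for plain int) */
    }
    return accepted;
}

/* Fixed variant: unsigned 8-bit counter. It can never hand the sink a value above 255, and
 * the wrap back to 0 is detected and stops the loop (assumed guard). */
static unsigned add_cues_unsigned(unsigned n_entries, uint32_t *seen_max) {
    uint8_t i = 0;
    unsigned accepted = 0;
    *seen_max = 0;
    for (unsigned e = 0; e < n_entries; e++) {
        if (!fake_insert_track((uint32_t) i, seen_max)) break;
        accepted++;
        i++;
        if (i == 0) break; /* counter wrapped past 255: stop adding cue entries */
    }
    return accepted;
}

int main(void) {
    uint32_t m;
    unsigned n = add_cues_signed(200, &m);
    printf("signed int8 counter:   accepted %u, largest index passed = %u\n", n, m);
    n = add_cues_unsigned(200, &m);
    printf("unsigned uint8 counter: accepted %u, largest index passed = %u\n", n, m);
    return 0;
}
```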
