Skip to content

FAAD2 2.11.0
Compare
Choose a tag to compare
@fabiangreffrath fabiangreffrath released this 07 Nov 08:39
· 18 commits to master since this release
2.11.0
09b3c85

[ Eugène Filin ]

  • Fix incorrect variable initialization

[ Eugene Kliuchnikov ]

  • CI/CD, build, etc

    • setup GitHub workflows; test build under MSVC, OSX, MSYS2, Linux
    • add CMake build system
    • additionally add Bazel build
    • remove automake and MSVC project files
    • add fuzzers that cover almost all decoder code
    • setup fuzzing for various builds: (no-)FIXED_POINT / (no-)DRM
    • remove dead code
    • address differes compilers warnings
    • move version to distingished place that different build systems can read

  • "Safe" bugs

    "Safe" means that it is unlikely to be exploited; those affect the decoded
    result for (most likely) extreme inputs. Some fixes are useful only for
    "FIXED_POINT" build, since it has more restrictions on intermediate values.

    • "negative range" in estimate_current_envelope
    • integer overflow in channel downmixing
    • integer overflow in estimate_envelope
    • integer overflows caused by "practical infinite" gain
    • integer overflows in HF adjustment code
    • several "left shift of negative value"
    • priming RNG to avoid using values that does not look random at all
    • do not drop the first frame of output; other decoders don't do this
    • touching uninitialized values in lt_update_state
    • touching uninitialized values in bit-reader buffers

  • "Almost Safe" bugs

    "Almost safe" means that those are unlinkly to be exploited; if those surface
    depends on build options / environment.

    • division by zero in HF (noise?) generator and scale factor adjustment
    • division by zero gen_rand_vector

  • "Unsafe" bugs

    "Unsafe" means that those can cause crash, or could somehow else be exploited.

    • CLI: accessing unallocated memory in mp4info (corrupted / zero-samples input) (CVE-2023-38857)
    • CLI: out-of-bounds when parsing mp4 header
    • CLI: crash because of wrong mp4 frame offset calculation (CVE-2023-38857)
    • error handling rvlc_decode_scale_factors (CPU bomb?)
    • null pointer dereference (in DRM + PS build)
    • index-out-of-bounds / stack-buffer-overflow in decode_sce_lfe
      (for streams with PCE)
    • stack-buffer-overflow in pns_decode
    • null pointer derefernce (when channels change their type in the middle
      of the stream)
    • infinite loop on currupted stream
    • add practial limits for scale factors; otherwise calculated NaN/Inf values
      could confuse further logic, resulting in access-out-of-bounds
    • check sf_index in window_grouping_info to avoid access-out-of-bounds
    • clamp bs_pointer values to avoid access-out-of-bounds
    • infinite loop in fill_element
    • sanitize input values in ps_mix_phase to avoid access-out-of-bounds
    • fix internal decoder buffer size calculation to avoid heap-out-of-bounds
    • calculate channel length multiplier even if main channel is already allocated
      to avoid heap-out-of-bounds
    • reserve enough slots for channels in decode_sce_lfe
      to avoid heap-out-of-bounds

[ David Korczynski ]

  • Fuzzing integration with oss-fuzz

[ Steveice10 ]

  • Add define option to disable SBR/PS support
  • Fix coefficient table selection in tns_decode_coef
Assets 2