Please sign in to comment.
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fixed bug 3894 - Fuzzing crashes for SDL_LoadWAV
Simon Hug I had a look at this and made some additions to SDL_wave.c. The attached patch adds many checks and error messages. For some reason I also added A-law and ?-law decoders. Forgot exactly why... but hey, they're small. The WAVE format is seriously underspecified (at least by the documents that are publicly available on the internet) and it's a shame Microsoft never put something better out there. The language used in them is so loose at times, it's not surprising the encoders and decoders behave very differently. The Windows Media Player doesn't even support MS ADPCM correctly. The patch also adds some hints to make the decoder more strict at the cost of compatibility with weird WAVE files. I still think it needs a bit of cleaning up (Not happy with the MultiplySize function. Don't like the name and other SDL code may want to use something like this too.) and some duplicated code may be folded together. It does work in this state and I have thrown all kinds of WAVE files at it. The AFL files also pass with it and some even play (obviously just noise). Crafty little fuzzer. Any critique would be welcome. I have a fork of SDL with a audio-loadwav branch over here if someone wants to use the commenting feature of Bitbucket: https://bitbucket.org/ChliHug/SDL I also cobbled some Lua scripts together to create WAVE test files: https://bitbucket.org/ChliHug/gendat
- Loading branch information
Showing with 2,217 additions and 616 deletions.
Oops, something went wrong.