flac: fix crash on corrupt metadata (CVE-2017-15371)

mansr · Nov 5, 2017 · 818bdd0 · 818bdd0
1 parent 600c291
commit 818bdd0
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/flac.c b/src/flac.c
@@ -119,18 +119,20 @@ static void decoder_metadata_callback(FLAC__StreamDecoder const * const flac, FL
     p->total_samples = metadata->data.stream_info.total_samples;
   }
   else if (metadata->type == FLAC__METADATA_TYPE_VORBIS_COMMENT) {
+    const FLAC__StreamMetadata_VorbisComment *vc = &metadata->data.vorbis_comment;
     size_t i;
 
-    if (metadata->data.vorbis_comment.num_comments == 0)
+    if (vc->num_comments == 0)
       return;
 
     if (ft->oob.comments != NULL) {
       lsx_warn("multiple Vorbis comment block ignored");
       return;
     }
 
-    for (i = 0; i < metadata->data.vorbis_comment.num_comments; ++i)
-      sox_append_comment(&ft->oob.comments, (char const *) metadata->data.vorbis_comment.comments[i].entry);
+    for (i = 0; i < vc->num_comments; ++i)
+      if (vc->comments[i].entry)
+        sox_append_comment(&ft->oob.comments, (char const *) vc->comments[i].entry);
   }
 }