[jackhill/guix/guix.git] / gnu / packages / patches / libmad-md_size.patch

Copied from Debian.

From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 28 Jan 2018 15:44:08 +0100
Subject: Check the size of the main data

The main data to decode a frame can come from the current frame and part of the
previous frame, the so called bit reservoir. si.main_data_begin is the part of
the previous frame we need for this frame. frame_space is the amount of main
data that can be in this frame, and next_md_begin is the part of this frame that
is going to be used for the next frame.

The maximum amount of data from a previous frame that the format allows is 511
bytes. The maximum frame size for the defined bitrates is at MPEG 2.5 layer 2
at 320 kbit/s and 8 kHz sample rate which gives 72 * (320000 / 8000) + 1 = 2881.
So those defines are not large enough:
 # define MAD_BUFFER_GUARD      8
 # define MAD_BUFFER_MDLEN      (511 + 2048 + MAD_BUFFER_GUARD)

There is also support for a "free" bitrate which allows you to create any frame
size, which can be larger than the buffer.

Changing the defines is not an option since it's part of the ABI, so we check
that the main data fits in the bufer.

The previous frame data is stored in *stream->main_data and contains
stream->md_len bytes. If stream->md_len is larger than the data we
need from the previous frame (si.main_data_begin) it still wouldn't fit
in the buffer, so just keep the data that we need.

Index: libmad-0.15.1b/layer3.c
===================================================================
--- libmad-0.15.1b.orig/layer3.c
+++ libmad-0.15.1b/layer3.c
@@ -2608,6 +2608,11 @@ int mad_layer_III(struct mad_stream *str
     next_md_begin = 0;
 
   md_len = si.main_data_begin + frame_space - next_md_begin;
+  if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) {
+    stream->error = MAD_ERROR_LOSTSYNC;
+    stream->sync = 0;
+    return -1;
+  }
 
   frame_used = 0;
 
@@ -2625,8 +2630,11 @@ int mad_layer_III(struct mad_stream *str
       }
     }
     else {
-      mad_bit_init(&ptr,
-		   *stream->main_data + stream->md_len - si.main_data_begin);
+      memmove(stream->main_data,
+	*stream->main_data + stream->md_len - si.main_data_begin,
+	si.main_data_begin);
+      stream->md_len = si.main_data_begin;
+      mad_bit_init(&ptr, *stream->main_data);
 
       if (md_len > si.main_data_begin) {
 	assert(stream->md_len + md_len -
Commit	Line	Data
aac6c53a MW	1	Copied from Debian.
	2
	3	From: Kurt Roeckx <kurt@roeckx.be>
	4	Date: Sun, 28 Jan 2018 15:44:08 +0100
	5	Subject: Check the size of the main data
	6
	7	The main data to decode a frame can come from the current frame and part of the
	8	previous frame, the so called bit reservoir. si.main_data_begin is the part of
	9	the previous frame we need for this frame. frame_space is the amount of main
	10	data that can be in this frame, and next_md_begin is the part of this frame that
	11	is going to be used for the next frame.
	12
	13	The maximum amount of data from a previous frame that the format allows is 511
	14	bytes. The maximum frame size for the defined bitrates is at MPEG 2.5 layer 2
	15	at 320 kbit/s and 8 kHz sample rate which gives 72 * (320000 / 8000) + 1 = 2881.
	16	So those defines are not large enough:
	17	# define MAD_BUFFER_GUARD 8
	18	# define MAD_BUFFER_MDLEN (511 + 2048 + MAD_BUFFER_GUARD)
	19
	20	There is also support for a "free" bitrate which allows you to create any frame
	21	size, which can be larger than the buffer.
	22
	23	Changing the defines is not an option since it's part of the ABI, so we check
	24	that the main data fits in the bufer.
	25
	26	The previous frame data is stored in *stream->main_data and contains
	27	stream->md_len bytes. If stream->md_len is larger than the data we
	28	need from the previous frame (si.main_data_begin) it still wouldn't fit
	29	in the buffer, so just keep the data that we need.
	30
	31	Index: libmad-0.15.1b/layer3.c
	32	===================================================================
	33	--- libmad-0.15.1b.orig/layer3.c
	34	+++ libmad-0.15.1b/layer3.c
	35	@@ -2608,6 +2608,11 @@ int mad_layer_III(struct mad_stream *str
	36	next_md_begin = 0;
	37
	38	md_len = si.main_data_begin + frame_space - next_md_begin;
	39	+ if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) {
	40	+ stream->error = MAD_ERROR_LOSTSYNC;
	41	+ stream->sync = 0;
	42	+ return -1;
	43	+ }
	44
	45	frame_used = 0;
	46
	47	@@ -2625,8 +2630,11 @@ int mad_layer_III(struct mad_stream *str
	48	}
	49	}
	50	else {
	51	- mad_bit_init(&ptr,
	52	- *stream->main_data + stream->md_len - si.main_data_begin);
	53	+ memmove(stream->main_data,
	54	+ *stream->main_data + stream->md_len - si.main_data_begin,
	55	+ si.main_data_begin);
	56	+ stream->md_len = si.main_data_begin;
	57	+ mad_bit_init(&ptr, *stream->main_data);
	58
	59	if (md_len > si.main_data_begin) {
	60	assert(stream->md_len + md_len -