Update to 0.16.2

This commit is contained in:
Leigh Scott 2022-09-02 09:58:14 +01:00
parent 7c61f5c152
commit d4b697c065
10 changed files with 27 additions and 1202 deletions

11
Add_unversioned_so.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/CMakeLists).txt 2022-06-22 23:48:45.000000000 +0100
+++ b/CMakeLists.txt 2022-09-02 09:37:02.647923806 +0100
@@ -35,7 +35,7 @@ endif()
set_target_properties(mad PROPERTIES
VERSION ${CMAKE_PROJECT_VERSION}
- SOVERSION ${CMAKE_PROJECT_VERSION}
+ SOVERSION 0
)
#

View File

@ -1,34 +0,0 @@
From: Dave Martin
Subject: "rsc" doesnt exist anymore in thumb2
diff --git a/fixed.h b/fixed.h
index 4b58abf..ba4bc26 100644
--- a/fixed.h
+++ b/fixed.h
@@ -275,12 +275,25 @@ mad_fixed_t mad_f_mul_inline(mad_fixed_t x, mad_fixed_t y)
: "+r" (lo), "+r" (hi) \
: "%r" (x), "r" (y))
+#ifdef __thumb__
+/* In Thumb-2, the RSB-immediate instruction is only allowed with a zero
+ operand. If needed this code can also support Thumb-1
+ (simply append "s" to the end of the second two instructions). */
+# define MAD_F_MLN(hi, lo) \
+ asm ("rsbs %0, %0, #0\n\t" \
+ "sbc %1, %1, %1\n\t" \
+ "sub %1, %1, %2" \
+ : "+&r" (lo), "=&r" (hi) \
+ : "r" (hi) \
+ : "cc")
+#else /* ! __thumb__ */
# define MAD_F_MLN(hi, lo) \
asm ("rsbs %0, %2, #0\n\t" \
"rsc %1, %3, #0" \
- : "=r" (lo), "=r" (hi) \
+ : "=&r" (lo), "=r" (hi) \
: "0" (lo), "1" (hi) \
: "cc")
+#endif /* __thumb__ */
# define mad_f_scale64(hi, lo) \
({ mad_fixed_t __result; \

View File

@ -1,817 +0,0 @@
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 28 Jan 2018 19:26:36 +0100
Subject: Check the size before reading with mad_bit_read
There are various cases where it attemps to read past the end of the buffer
using mad_bit_read(). Most functions didn't even know the size of the buffer
they were reading from.
Index: libmad-0.15.1b/bit.c
===================================================================
--- libmad-0.15.1b.orig/bit.c
+++ libmad-0.15.1b/bit.c
@@ -138,6 +138,9 @@ unsigned long mad_bit_read(struct mad_bi
{
register unsigned long value;
+ if (len == 0)
+ return 0;
+
if (bitptr->left == CHAR_BIT)
bitptr->cache = *bitptr->byte;
Index: libmad-0.15.1b/frame.c
===================================================================
--- libmad-0.15.1b.orig/frame.c
+++ libmad-0.15.1b/frame.c
@@ -120,11 +120,18 @@ static
int decode_header(struct mad_header *header, struct mad_stream *stream)
{
unsigned int index;
+ struct mad_bitptr bufend_ptr;
header->flags = 0;
header->private_bits = 0;
+ mad_bit_init(&bufend_ptr, stream->bufend);
+
/* header() */
+ if (mad_bit_length(&stream->ptr, &bufend_ptr) < 32) {
+ stream->error = MAD_ERROR_BUFLEN;
+ return -1;
+ }
/* syncword */
mad_bit_skip(&stream->ptr, 11);
@@ -225,8 +232,13 @@ int decode_header(struct mad_header *hea
/* error_check() */
/* crc_check */
- if (header->flags & MAD_FLAG_PROTECTION)
+ if (header->flags & MAD_FLAG_PROTECTION) {
+ if (mad_bit_length(&stream->ptr, &bufend_ptr) < 16) {
+ stream->error = MAD_ERROR_BUFLEN;
+ return -1;
+ }
header->crc_target = mad_bit_read(&stream->ptr, 16);
+ }
return 0;
}
@@ -338,7 +350,7 @@ int mad_header_decode(struct mad_header
stream->error = MAD_ERROR_BUFLEN;
goto fail;
}
- else if (!(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
+ else if ((end - ptr >= 2) && !(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
/* mark point where frame sync word was expected */
stream->this_frame = ptr;
stream->next_frame = ptr + 1;
@@ -361,6 +373,8 @@ int mad_header_decode(struct mad_header
ptr = mad_bit_nextbyte(&stream->ptr);
}
+ stream->error = MAD_ERROR_NONE;
+
/* begin processing */
stream->this_frame = ptr;
stream->next_frame = ptr + 1; /* possibly bogus sync word */
@@ -413,7 +427,7 @@ int mad_header_decode(struct mad_header
/* check that a valid frame header follows this frame */
ptr = stream->next_frame;
- if (!(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
+ if ((end - ptr >= 2) && !(ptr[0] == 0xff && (ptr[1] & 0xe0) == 0xe0)) {
ptr = stream->next_frame = stream->this_frame + 1;
goto sync;
}
Index: libmad-0.15.1b/layer12.c
===================================================================
--- libmad-0.15.1b.orig/layer12.c
+++ libmad-0.15.1b/layer12.c
@@ -72,10 +72,18 @@ mad_fixed_t const linear_table[14] = {
* DESCRIPTION: decode one requantized Layer I sample from a bitstream
*/
static
-mad_fixed_t I_sample(struct mad_bitptr *ptr, unsigned int nb)
+mad_fixed_t I_sample(struct mad_bitptr *ptr, unsigned int nb, struct mad_stream *stream)
{
mad_fixed_t sample;
+ struct mad_bitptr frameend_ptr;
+ mad_bit_init(&frameend_ptr, stream->next_frame);
+
+ if (mad_bit_length(ptr, &frameend_ptr) < nb) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return 0;
+ }
sample = mad_bit_read(ptr, nb);
/* invert most significant bit, extend sign, then scale to fixed format */
@@ -106,6 +114,10 @@ int mad_layer_I(struct mad_stream *strea
struct mad_header *header = &frame->header;
unsigned int nch, bound, ch, s, sb, nb;
unsigned char allocation[2][32], scalefactor[2][32];
+ struct mad_bitptr bufend_ptr, frameend_ptr;
+
+ mad_bit_init(&bufend_ptr, stream->bufend);
+ mad_bit_init(&frameend_ptr, stream->next_frame);
nch = MAD_NCHANNELS(header);
@@ -118,6 +130,11 @@ int mad_layer_I(struct mad_stream *strea
/* check CRC word */
if (header->flags & MAD_FLAG_PROTECTION) {
+ if (mad_bit_length(&stream->ptr, &bufend_ptr)
+ < 4 * (bound * nch + (32 - bound))) {
+ stream->error = MAD_ERROR_BADCRC;
+ return -1;
+ }
header->crc_check =
mad_bit_crc(stream->ptr, 4 * (bound * nch + (32 - bound)),
header->crc_check);
@@ -133,6 +150,11 @@ int mad_layer_I(struct mad_stream *strea
for (sb = 0; sb < bound; ++sb) {
for (ch = 0; ch < nch; ++ch) {
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 4) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
nb = mad_bit_read(&stream->ptr, 4);
if (nb == 15) {
@@ -145,6 +167,11 @@ int mad_layer_I(struct mad_stream *strea
}
for (sb = bound; sb < 32; ++sb) {
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 4) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
nb = mad_bit_read(&stream->ptr, 4);
if (nb == 15) {
@@ -161,6 +188,11 @@ int mad_layer_I(struct mad_stream *strea
for (sb = 0; sb < 32; ++sb) {
for (ch = 0; ch < nch; ++ch) {
if (allocation[ch][sb]) {
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
scalefactor[ch][sb] = mad_bit_read(&stream->ptr, 6);
# if defined(OPT_STRICT)
@@ -185,8 +217,10 @@ int mad_layer_I(struct mad_stream *strea
for (ch = 0; ch < nch; ++ch) {
nb = allocation[ch][sb];
frame->sbsample[ch][s][sb] = nb ?
- mad_f_mul(I_sample(&stream->ptr, nb),
+ mad_f_mul(I_sample(&stream->ptr, nb, stream),
sf_table[scalefactor[ch][sb]]) : 0;
+ if (stream->error != 0)
+ return -1;
}
}
@@ -194,7 +228,14 @@ int mad_layer_I(struct mad_stream *strea
if ((nb = allocation[0][sb])) {
mad_fixed_t sample;
- sample = I_sample(&stream->ptr, nb);
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < nb) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
+ sample = I_sample(&stream->ptr, nb, stream);
+ if (stream->error != 0)
+ return -1;
for (ch = 0; ch < nch; ++ch) {
frame->sbsample[ch][s][sb] =
@@ -280,13 +321,21 @@ struct quantclass {
static
void II_samples(struct mad_bitptr *ptr,
struct quantclass const *quantclass,
- mad_fixed_t output[3])
+ mad_fixed_t output[3], struct mad_stream *stream)
{
unsigned int nb, s, sample[3];
+ struct mad_bitptr frameend_ptr;
+
+ mad_bit_init(&frameend_ptr, stream->next_frame);
if ((nb = quantclass->group)) {
unsigned int c, nlevels;
+ if (mad_bit_length(ptr, &frameend_ptr) < quantclass->bits) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return;
+ }
/* degrouping */
c = mad_bit_read(ptr, quantclass->bits);
nlevels = quantclass->nlevels;
@@ -299,8 +348,14 @@ void II_samples(struct mad_bitptr *ptr,
else {
nb = quantclass->bits;
- for (s = 0; s < 3; ++s)
+ for (s = 0; s < 3; ++s) {
+ if (mad_bit_length(ptr, &frameend_ptr) < nb) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return;
+ }
sample[s] = mad_bit_read(ptr, nb);
+ }
}
for (s = 0; s < 3; ++s) {
@@ -336,6 +391,9 @@ int mad_layer_II(struct mad_stream *stre
unsigned char const *offsets;
unsigned char allocation[2][32], scfsi[2][32], scalefactor[2][32][3];
mad_fixed_t samples[3];
+ struct mad_bitptr frameend_ptr;
+
+ mad_bit_init(&frameend_ptr, stream->next_frame);
nch = MAD_NCHANNELS(header);
@@ -402,13 +460,24 @@ int mad_layer_II(struct mad_stream *stre
for (sb = 0; sb < bound; ++sb) {
nbal = bitalloc_table[offsets[sb]].nbal;
- for (ch = 0; ch < nch; ++ch)
+ for (ch = 0; ch < nch; ++ch) {
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < nbal) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
allocation[ch][sb] = mad_bit_read(&stream->ptr, nbal);
+ }
}
for (sb = bound; sb < sblimit; ++sb) {
nbal = bitalloc_table[offsets[sb]].nbal;
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < nbal) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
allocation[0][sb] =
allocation[1][sb] = mad_bit_read(&stream->ptr, nbal);
}
@@ -417,8 +486,14 @@ int mad_layer_II(struct mad_stream *stre
for (sb = 0; sb < sblimit; ++sb) {
for (ch = 0; ch < nch; ++ch) {
- if (allocation[ch][sb])
+ if (allocation[ch][sb]) {
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 2) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
scfsi[ch][sb] = mad_bit_read(&stream->ptr, 2);
+ }
}
}
@@ -441,6 +516,11 @@ int mad_layer_II(struct mad_stream *stre
for (sb = 0; sb < sblimit; ++sb) {
for (ch = 0; ch < nch; ++ch) {
if (allocation[ch][sb]) {
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
scalefactor[ch][sb][0] = mad_bit_read(&stream->ptr, 6);
switch (scfsi[ch][sb]) {
@@ -451,11 +531,21 @@ int mad_layer_II(struct mad_stream *stre
break;
case 0:
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
scalefactor[ch][sb][1] = mad_bit_read(&stream->ptr, 6);
/* fall through */
case 1:
case 3:
+ if (mad_bit_length(&stream->ptr, &frameend_ptr) < 6) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
scalefactor[ch][sb][2] = mad_bit_read(&stream->ptr, 6);
}
@@ -487,7 +577,9 @@ int mad_layer_II(struct mad_stream *stre
if ((index = allocation[ch][sb])) {
index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
- II_samples(&stream->ptr, &qc_table[index], samples);
+ II_samples(&stream->ptr, &qc_table[index], samples, stream);
+ if (stream->error != 0)
+ return -1;
for (s = 0; s < 3; ++s) {
frame->sbsample[ch][3 * gr + s][sb] =
@@ -505,7 +597,9 @@ int mad_layer_II(struct mad_stream *stre
if ((index = allocation[0][sb])) {
index = offset_table[bitalloc_table[offsets[sb]].offset][index - 1];
- II_samples(&stream->ptr, &qc_table[index], samples);
+ II_samples(&stream->ptr, &qc_table[index], samples, stream);
+ if (stream->error != 0)
+ return -1;
for (ch = 0; ch < nch; ++ch) {
for (s = 0; s < 3; ++s) {
Index: libmad-0.15.1b/layer3.c
===================================================================
--- libmad-0.15.1b.orig/layer3.c
+++ libmad-0.15.1b/layer3.c
@@ -598,7 +598,8 @@ enum mad_error III_sideinfo(struct mad_b
static
unsigned int III_scalefactors_lsf(struct mad_bitptr *ptr,
struct channel *channel,
- struct channel *gr1ch, int mode_extension)
+ struct channel *gr1ch, int mode_extension,
+ unsigned int bits_left, unsigned int *part2_length)
{
struct mad_bitptr start;
unsigned int scalefac_compress, index, slen[4], part, n, i;
@@ -644,8 +645,12 @@ unsigned int III_scalefactors_lsf(struct
n = 0;
for (part = 0; part < 4; ++part) {
- for (i = 0; i < nsfb[part]; ++i)
+ for (i = 0; i < nsfb[part]; ++i) {
+ if (bits_left < slen[part])
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[n++] = mad_bit_read(ptr, slen[part]);
+ bits_left -= slen[part];
+ }
}
while (n < 39)
@@ -690,7 +695,10 @@ unsigned int III_scalefactors_lsf(struct
max = (1 << slen[part]) - 1;
for (i = 0; i < nsfb[part]; ++i) {
+ if (bits_left < slen[part])
+ return MAD_ERROR_BADSCFSI;
is_pos = mad_bit_read(ptr, slen[part]);
+ bits_left -= slen[part];
channel->scalefac[n] = is_pos;
gr1ch->scalefac[n++] = (is_pos == max);
@@ -703,7 +711,8 @@ unsigned int III_scalefactors_lsf(struct
}
}
- return mad_bit_length(&start, ptr);
+ *part2_length = mad_bit_length(&start, ptr);
+ return MAD_ERROR_NONE;
}
/*
@@ -712,7 +721,8 @@ unsigned int III_scalefactors_lsf(struct
*/
static
unsigned int III_scalefactors(struct mad_bitptr *ptr, struct channel *channel,
- struct channel const *gr0ch, unsigned int scfsi)
+ struct channel const *gr0ch, unsigned int scfsi,
+ unsigned int bits_left, unsigned int *part2_length)
{
struct mad_bitptr start;
unsigned int slen1, slen2, sfbi;
@@ -728,12 +738,20 @@ unsigned int III_scalefactors(struct mad
sfbi = 0;
nsfb = (channel->flags & mixed_block_flag) ? 8 + 3 * 3 : 6 * 3;
- while (nsfb--)
+ while (nsfb--) {
+ if (bits_left < slen1)
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[sfbi++] = mad_bit_read(ptr, slen1);
+ bits_left -= slen1;
+ }
nsfb = 6 * 3;
- while (nsfb--)
+ while (nsfb--) {
+ if (bits_left < slen2)
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[sfbi++] = mad_bit_read(ptr, slen2);
+ bits_left -= slen2;
+ }
nsfb = 1 * 3;
while (nsfb--)
@@ -745,8 +763,12 @@ unsigned int III_scalefactors(struct mad
channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
}
else {
- for (sfbi = 0; sfbi < 6; ++sfbi)
+ for (sfbi = 0; sfbi < 6; ++sfbi) {
+ if (bits_left < slen1)
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[sfbi] = mad_bit_read(ptr, slen1);
+ bits_left -= slen1;
+ }
}
if (scfsi & 0x4) {
@@ -754,8 +776,12 @@ unsigned int III_scalefactors(struct mad
channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
}
else {
- for (sfbi = 6; sfbi < 11; ++sfbi)
+ for (sfbi = 6; sfbi < 11; ++sfbi) {
+ if (bits_left < slen1)
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[sfbi] = mad_bit_read(ptr, slen1);
+ bits_left -= slen1;
+ }
}
if (scfsi & 0x2) {
@@ -763,8 +789,12 @@ unsigned int III_scalefactors(struct mad
channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
}
else {
- for (sfbi = 11; sfbi < 16; ++sfbi)
+ for (sfbi = 11; sfbi < 16; ++sfbi) {
+ if (bits_left < slen2)
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[sfbi] = mad_bit_read(ptr, slen2);
+ bits_left -= slen2;
+ }
}
if (scfsi & 0x1) {
@@ -772,14 +802,19 @@ unsigned int III_scalefactors(struct mad
channel->scalefac[sfbi] = gr0ch->scalefac[sfbi];
}
else {
- for (sfbi = 16; sfbi < 21; ++sfbi)
+ for (sfbi = 16; sfbi < 21; ++sfbi) {
+ if (bits_left < slen2)
+ return MAD_ERROR_BADSCFSI;
channel->scalefac[sfbi] = mad_bit_read(ptr, slen2);
+ bits_left -= slen2;
+ }
}
channel->scalefac[21] = 0;
}
- return mad_bit_length(&start, ptr);
+ *part2_length = mad_bit_length(&start, ptr);
+ return MAD_ERROR_NONE;
}
/*
@@ -933,19 +968,17 @@ static
enum mad_error III_huffdecode(struct mad_bitptr *ptr, mad_fixed_t xr[576],
struct channel *channel,
unsigned char const *sfbwidth,
- unsigned int part2_length)
+ signed int part3_length)
{
signed int exponents[39], exp;
signed int const *expptr;
struct mad_bitptr peek;
- signed int bits_left, cachesz;
+ signed int bits_left, cachesz, fakebits;
register mad_fixed_t *xrptr;
mad_fixed_t const *sfbound;
register unsigned long bitcache;
- bits_left = (signed) channel->part2_3_length - (signed) part2_length;
- if (bits_left < 0)
- return MAD_ERROR_BADPART3LEN;
+ bits_left = part3_length;
III_exponents(channel, sfbwidth, exponents);
@@ -956,8 +989,12 @@ enum mad_error III_huffdecode(struct mad
cachesz = mad_bit_bitsleft(&peek);
cachesz += ((32 - 1 - 24) + (24 - cachesz)) & ~7;
+ if (bits_left < cachesz) {
+ cachesz = bits_left;
+ }
bitcache = mad_bit_read(&peek, cachesz);
bits_left -= cachesz;
+ fakebits = 0;
xrptr = &xr[0];
@@ -986,7 +1023,7 @@ enum mad_error III_huffdecode(struct mad
big_values = channel->big_values;
- while (big_values-- && cachesz + bits_left > 0) {
+ while (big_values-- && cachesz + bits_left - fakebits > 0) {
union huffpair const *pair;
unsigned int clumpsz, value;
register mad_fixed_t requantized;
@@ -1023,10 +1060,19 @@ enum mad_error III_huffdecode(struct mad
unsigned int bits;
bits = ((32 - 1 - 21) + (21 - cachesz)) & ~7;
+ if (bits_left < bits) {
+ bits = bits_left;
+ }
bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
cachesz += bits;
bits_left -= bits;
}
+ if (cachesz < 21) {
+ unsigned int bits = 21 - cachesz;
+ bitcache <<= bits;
+ cachesz += bits;
+ fakebits += bits;
+ }
/* hcod (0..19) */
@@ -1041,6 +1087,8 @@ enum mad_error III_huffdecode(struct mad
}
cachesz -= pair->value.hlen;
+ if (cachesz < fakebits)
+ return MAD_ERROR_BADHUFFDATA;
if (linbits) {
/* x (0..14) */
@@ -1054,10 +1102,15 @@ enum mad_error III_huffdecode(struct mad
case 15:
if (cachesz < linbits + 2) {
- bitcache = (bitcache << 16) | mad_bit_read(&peek, 16);
- cachesz += 16;
- bits_left -= 16;
+ unsigned int bits = 16;
+ if (bits_left < 16)
+ bits = bits_left;
+ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
+ cachesz += bits;
+ bits_left -= bits;
}
+ if (cachesz - fakebits < linbits)
+ return MAD_ERROR_BADHUFFDATA;
value += MASK(bitcache, cachesz, linbits);
cachesz -= linbits;
@@ -1074,6 +1127,8 @@ enum mad_error III_huffdecode(struct mad
}
x_final:
+ if (cachesz - fakebits < 1)
+ return MAD_ERROR_BADHUFFDATA;
xrptr[0] = MASK1BIT(bitcache, cachesz--) ?
-requantized : requantized;
}
@@ -1089,10 +1144,15 @@ enum mad_error III_huffdecode(struct mad
case 15:
if (cachesz < linbits + 1) {
- bitcache = (bitcache << 16) | mad_bit_read(&peek, 16);
- cachesz += 16;
- bits_left -= 16;
+ unsigned int bits = 16;
+ if (bits_left < 16)
+ bits = bits_left;
+ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
+ cachesz += bits;
+ bits_left -= bits;
}
+ if (cachesz - fakebits < linbits)
+ return MAD_ERROR_BADHUFFDATA;
value += MASK(bitcache, cachesz, linbits);
cachesz -= linbits;
@@ -1109,6 +1169,8 @@ enum mad_error III_huffdecode(struct mad
}
y_final:
+ if (cachesz - fakebits < 1)
+ return MAD_ERROR_BADHUFFDATA;
xrptr[1] = MASK1BIT(bitcache, cachesz--) ?
-requantized : requantized;
}
@@ -1128,6 +1190,8 @@ enum mad_error III_huffdecode(struct mad
requantized = reqcache[value] = III_requantize(value, exp);
}
+ if (cachesz - fakebits < 1)
+ return MAD_ERROR_BADHUFFDATA;
xrptr[0] = MASK1BIT(bitcache, cachesz--) ?
-requantized : requantized;
}
@@ -1146,6 +1210,8 @@ enum mad_error III_huffdecode(struct mad
requantized = reqcache[value] = III_requantize(value, exp);
}
+ if (cachesz - fakebits < 1)
+ return MAD_ERROR_BADHUFFDATA;
xrptr[1] = MASK1BIT(bitcache, cachesz--) ?
-requantized : requantized;
}
@@ -1155,9 +1221,6 @@ enum mad_error III_huffdecode(struct mad
}
}
- if (cachesz + bits_left < 0)
- return MAD_ERROR_BADHUFFDATA; /* big_values overrun */
-
/* count1 */
{
union huffquad const *table;
@@ -1167,15 +1230,24 @@ enum mad_error III_huffdecode(struct mad
requantized = III_requantize(1, exp);
- while (cachesz + bits_left > 0 && xrptr <= &xr[572]) {
+ while (cachesz + bits_left - fakebits > 0 && xrptr <= &xr[572]) {
union huffquad const *quad;
/* hcod (1..6) */
if (cachesz < 10) {
- bitcache = (bitcache << 16) | mad_bit_read(&peek, 16);
- cachesz += 16;
- bits_left -= 16;
+ unsigned int bits = 16;
+ if (bits_left < 16)
+ bits = bits_left;
+ bitcache = (bitcache << bits) | mad_bit_read(&peek, bits);
+ cachesz += bits;
+ bits_left -= bits;
+ }
+ if (cachesz < 10) {
+ unsigned int bits = 10 - cachesz;
+ bitcache <<= bits;
+ cachesz += bits;
+ fakebits += bits;
}
quad = &table[MASK(bitcache, cachesz, 4)];
@@ -1188,6 +1260,11 @@ enum mad_error III_huffdecode(struct mad
MASK(bitcache, cachesz, quad->ptr.bits)];
}
+ if (cachesz - fakebits < quad->value.hlen + quad->value.v
+ + quad->value.w + quad->value.x + quad->value.y)
+ /* We don't have enough bits to read one more entry, consider them
+ * stuffing bits. */
+ break;
cachesz -= quad->value.hlen;
if (xrptr == sfbound) {
@@ -1236,22 +1313,8 @@ enum mad_error III_huffdecode(struct mad
xrptr += 2;
}
-
- if (cachesz + bits_left < 0) {
-# if 0 && defined(DEBUG)
- fprintf(stderr, "huffman count1 overrun (%d bits)\n",
- -(cachesz + bits_left));
-# endif
-
- /* technically the bitstream is misformatted, but apparently
- some encoders are just a bit sloppy with stuffing bits */
-
- xrptr -= 4;
- }
}
- assert(-bits_left <= MAD_BUFFER_GUARD * CHAR_BIT);
-
# if 0 && defined(DEBUG)
if (bits_left < 0)
fprintf(stderr, "read %d bits too many\n", -bits_left);
@@ -2348,10 +2411,11 @@ void III_freqinver(mad_fixed_t sample[18
*/
static
enum mad_error III_decode(struct mad_bitptr *ptr, struct mad_frame *frame,
- struct sideinfo *si, unsigned int nch)
+ struct sideinfo *si, unsigned int nch, unsigned int md_len)
{
struct mad_header *header = &frame->header;
unsigned int sfreqi, ngr, gr;
+ int bits_left = md_len * CHAR_BIT;
{
unsigned int sfreq;
@@ -2383,6 +2447,7 @@ enum mad_error III_decode(struct mad_bit
for (ch = 0; ch < nch; ++ch) {
struct channel *channel = &granule->ch[ch];
unsigned int part2_length;
+ unsigned int part3_length;
sfbwidth[ch] = sfbwidth_table[sfreqi].l;
if (channel->block_type == 2) {
@@ -2391,18 +2456,30 @@ enum mad_error III_decode(struct mad_bit
}
if (header->flags & MAD_FLAG_LSF_EXT) {
- part2_length = III_scalefactors_lsf(ptr, channel,
+ error = III_scalefactors_lsf(ptr, channel,
ch == 0 ? 0 : &si->gr[1].ch[1],
- header->mode_extension);
+ header->mode_extension, bits_left, &part2_length);
}
else {
- part2_length = III_scalefactors(ptr, channel, &si->gr[0].ch[ch],
- gr == 0 ? 0 : si->scfsi[ch]);
+ error = III_scalefactors(ptr, channel, &si->gr[0].ch[ch],
+ gr == 0 ? 0 : si->scfsi[ch], bits_left, &part2_length);
}
+ if (error)
+ return error;
+
+ bits_left -= part2_length;
- error = III_huffdecode(ptr, xr[ch], channel, sfbwidth[ch], part2_length);
+ if (part2_length > channel->part2_3_length)
+ return MAD_ERROR_BADPART3LEN;
+
+ part3_length = channel->part2_3_length - part2_length;
+ if (part3_length > bits_left)
+ return MAD_ERROR_BADPART3LEN;
+
+ error = III_huffdecode(ptr, xr[ch], channel, sfbwidth[ch], part3_length);
if (error)
return error;
+ bits_left -= part3_length;
}
/* joint stereo processing */
@@ -2519,11 +2596,13 @@ int mad_layer_III(struct mad_stream *str
unsigned int nch, priv_bitlen, next_md_begin = 0;
unsigned int si_len, data_bitlen, md_len;
unsigned int frame_space, frame_used, frame_free;
- struct mad_bitptr ptr;
+ struct mad_bitptr ptr, bufend_ptr;
struct sideinfo si;
enum mad_error error;
int result = 0;
+ mad_bit_init(&bufend_ptr, stream->bufend);
+
/* allocate Layer III dynamic structures */
if (stream->main_data == 0) {
@@ -2587,14 +2666,15 @@ int mad_layer_III(struct mad_stream *str
unsigned long header;
mad_bit_init(&peek, stream->next_frame);
+ if (mad_bit_length(&peek, &bufend_ptr) >= 57) {
+ header = mad_bit_read(&peek, 32);
+ if ((header & 0xffe60000L) /* syncword | layer */ == 0xffe20000L) {
+ if (!(header & 0x00010000L)) /* protection_bit */
+ mad_bit_skip(&peek, 16); /* crc_check */
- header = mad_bit_read(&peek, 32);
- if ((header & 0xffe60000L) /* syncword | layer */ == 0xffe20000L) {
- if (!(header & 0x00010000L)) /* protection_bit */
- mad_bit_skip(&peek, 16); /* crc_check */
-
- next_md_begin =
- mad_bit_read(&peek, (header & 0x00080000L) /* ID */ ? 9 : 8);
+ next_md_begin =
+ mad_bit_read(&peek, (header & 0x00080000L) /* ID */ ? 9 : 8);
+ }
}
mad_bit_finish(&peek);
@@ -2653,7 +2733,7 @@ int mad_layer_III(struct mad_stream *str
/* decode main_data */
if (result == 0) {
- error = III_decode(&ptr, frame, &si, nch);
+ error = III_decode(&ptr, frame, &si, nch, md_len);
if (error) {
stream->error = error;
result = -1;

View File

@ -1,12 +0,0 @@
diff -Naur libmad-0.15.1b-orig/configure.ac libmad-0.15.1b/configure.ac
--- libmad-0.15.1b-orig/configure.ac 2007-07-01 12:58:13.000000000 -0600
+++ libmad-0.15.1b/configure.ac 2007-07-01 12:59:13.000000000 -0600
@@ -105,7 +105,7 @@
shift
;;
-O2)
- optimize="-O"
+ optimize="-O2"
shift
;;
-fomit-frame-pointer)

View File

@ -1,146 +0,0 @@
diff -Naur libmad-0.15.1b-orig/configure.ac libmad-0.15.1b/configure.ac
--- libmad-0.15.1b-orig/configure.ac 2007-06-30 20:22:31.000000000 -0600
+++ libmad-0.15.1b/configure.ac 2007-06-30 20:25:31.000000000 -0600
@@ -122,74 +122,74 @@
esac
done
-if test "$GCC" = yes
-then
- if test -z "$arch"
- then
- case "$host" in
- i386-*) ;;
- i?86-*) arch="-march=i486" ;;
- arm*-empeg-*) arch="-march=armv4 -mtune=strongarm1100" ;;
- armv4*-*) arch="-march=armv4 -mtune=strongarm" ;;
- powerpc-*) ;;
- mips*-agenda-*) arch="-mcpu=vr4100" ;;
- mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
- esac
- fi
-
- case "$optimize" in
- -O|"-O "*)
- optimize="-O"
- optimize="$optimize -fforce-mem"
- optimize="$optimize -fforce-addr"
- : #x optimize="$optimize -finline-functions"
- : #- optimize="$optimize -fstrength-reduce"
- optimize="$optimize -fthread-jumps"
- optimize="$optimize -fcse-follow-jumps"
- optimize="$optimize -fcse-skip-blocks"
- : #x optimize="$optimize -frerun-cse-after-loop"
- : #x optimize="$optimize -frerun-loop-opt"
- : #x optimize="$optimize -fgcse"
- optimize="$optimize -fexpensive-optimizations"
- optimize="$optimize -fregmove"
- : #* optimize="$optimize -fdelayed-branch"
- : #x optimize="$optimize -fschedule-insns"
- optimize="$optimize -fschedule-insns2"
- : #? optimize="$optimize -ffunction-sections"
- : #? optimize="$optimize -fcaller-saves"
- : #> optimize="$optimize -funroll-loops"
- : #> optimize="$optimize -funroll-all-loops"
- : #x optimize="$optimize -fmove-all-movables"
- : #x optimize="$optimize -freduce-all-givs"
- : #? optimize="$optimize -fstrict-aliasing"
- : #* optimize="$optimize -fstructure-noalias"
-
- case "$host" in
- arm*-*)
- optimize="$optimize -fstrength-reduce"
- ;;
- mips*-*)
- optimize="$optimize -fstrength-reduce"
- optimize="$optimize -finline-functions"
- ;;
- i?86-*)
- optimize="$optimize -fstrength-reduce"
- ;;
- powerpc-apple-*)
- # this triggers an internal compiler error with gcc2
- : #optimize="$optimize -fstrength-reduce"
-
- # this is really only beneficial with gcc3
- : #optimize="$optimize -finline-functions"
- ;;
- *)
- # this sometimes provokes bugs in gcc 2.95.2
- : #optimize="$optimize -fstrength-reduce"
- ;;
- esac
- ;;
- esac
-fi
+#if test "$GCC" = yes
+#then
+# if test -z "$arch"
+# then
+# case "$host" in
+# i386-*) ;;
+# i?86-*) arch="-march=i486" ;;
+# arm*-empeg-*) arch="-march=armv4 -mtune=strongarm1100" ;;
+# armv4*-*) arch="-march=armv4 -mtune=strongarm" ;;
+# powerpc-*) ;;
+# mips*-agenda-*) arch="-mcpu=vr4100" ;;
+# mips*-luxsonor-*) arch="-mips1 -mcpu=r3000 -Wa,-m4010" ;;
+# esac
+# fi
+#
+# case "$optimize" in
+# -O|"-O "*)
+# optimize="-O"
+# optimize="$optimize -fforce-mem"
+# optimize="$optimize -fforce-addr"
+# : #x optimize="$optimize -finline-functions"
+# : #- optimize="$optimize -fstrength-reduce"
+# optimize="$optimize -fthread-jumps"
+# optimize="$optimize -fcse-follow-jumps"
+# optimize="$optimize -fcse-skip-blocks"
+# : #x optimize="$optimize -frerun-cse-after-loop"
+# : #x optimize="$optimize -frerun-loop-opt"
+# : #x optimize="$optimize -fgcse"
+# optimize="$optimize -fexpensive-optimizations"
+# optimize="$optimize -fregmove"
+# : #* optimize="$optimize -fdelayed-branch"
+# : #x optimize="$optimize -fschedule-insns"
+# optimize="$optimize -fschedule-insns2"
+# : #? optimize="$optimize -ffunction-sections"
+# : #? optimize="$optimize -fcaller-saves"
+# : #> optimize="$optimize -funroll-loops"
+# : #> optimize="$optimize -funroll-all-loops"
+# : #x optimize="$optimize -fmove-all-movables"
+# : #x optimize="$optimize -freduce-all-givs"
+# : #? optimize="$optimize -fstrict-aliasing"
+# : #* optimize="$optimize -fstructure-noalias"
+#
+# case "$host" in
+# arm*-*)
+# optimize="$optimize -fstrength-reduce"
+# ;;
+# mips*-*)
+# optimize="$optimize -fstrength-reduce"
+# optimize="$optimize -finline-functions"
+# ;;
+# i?86-*)
+# optimize="$optimize -fstrength-reduce"
+# ;;
+# powerpc-apple-*)
+# # this triggers an internal compiler error with gcc2
+# : #optimize="$optimize -fstrength-reduce"
+#
+# # this is really only beneficial with gcc3
+# : #optimize="$optimize -finline-functions"
+# ;;
+# *)
+# # this sometimes provokes bugs in gcc 2.95.2
+# : #optimize="$optimize -fstrength-reduce"
+# ;;
+# esac
+# ;;
+# esac
+#fi
case "$host" in
mips*-agenda-*)

View File

@ -1,37 +0,0 @@
diff -up libmad-0.15.1b/Makefile.am.orig libmad-0.15.1b/Makefile.am
--- libmad-0.15.1b/Makefile.am.orig 2009-01-25 14:35:56.000000000 +0200
+++ libmad-0.15.1b/Makefile.am 2009-01-25 18:35:07.000000000 +0200
@@ -110,15 +110,28 @@ mad.h: config.status config.h Makefile.a
echo "# ifdef __cplusplus"; \
echo 'extern "C" {'; \
echo "# endif"; echo; \
- if [ ".$(FPM)" != "." ]; then \
- echo ".$(FPM)" | sed -e 's|^\.-D|# define |'; echo; \
- fi; \
+ echo "# ifdef __i386__"; \
+ echo "# define FPM_INTEL"; \
+ echo "# define SIZEOF_LONG 4"; \
+ echo "# endif"; \
+ echo "#ifdef __x86_64__";\
+ echo "# define FPM_64BIT"; \
+ echo "# define SIZEOF_LONG 8"; \
+ echo "# endif"; \
+ echo "#ifdef __powerpc__"; \
+ echo "#define FPM_PPC"; \
+ echo "#define SIZEOF_LONG 4"; \
+ echo "#endif"; \
+ echo "#ifdef __powerpc64__"; \
+ echo "#define FPM_PPC"; \
+ echo "#define SIZEOF_LONG 8"; \
+ echo "#endif"; echo; \
sed -ne 's/^# *define *\(HAVE_.*_ASM\).*/# define \1/p' \
config.h; echo; \
sed -ne 's/^# *define *OPT_\(SPEED\|ACCURACY\).*/# define OPT_\1/p' \
config.h; echo; \
- sed -ne 's/^# *define *\(SIZEOF_.*\)/# define \1/p' \
- config.h; echo; \
+ echo "# define SIZEOF_INT 4"; \
+ echo "# define SIZEOF_LONG_LONG 8"; echo; \
for header in $(exported_headers); do \
echo; \
sed -n -f $(srcdir)/mad.h.sed $(srcdir)/$$header; \

View File

@ -1,13 +0,0 @@
--- libmad-0.15.1b/fixed.h~ 2004-02-17 02:02:03.000000000 +0000
+++ libmad-0.15.1b/fixed.h 2009-07-19 13:03:08.000000000 +0100
@@ -379,8 +379,8 @@ mad_fixed_t mad_f_mul_inline(mad_fixed_t
asm ("addc %0,%2,%3\n\t" \
"adde %1,%4,%5" \
: "=r" (lo), "=r" (hi) \
- : "%r" (lo), "r" (__lo), \
- "%r" (hi), "r" (__hi) \
+ : "0" (lo), "r" (__lo), \
+ "1" (hi), "r" (__hi) \
: "xer"); \
})
# endif

View File

@ -1,29 +1,15 @@
Name: libmad
Version: 0.15.1b
Release: 34%{?dist}
Version: 0.16.2
Release: 1%{?dist}
Summary: MPEG audio decoder library
License: GPLv2+
URL: http://www.underbit.com/products/mad/
Source0: http://download.sourceforge.net/mad/%{name}-%{version}.tar.gz
#Create the same header on multilibs arches
Patch0: libmad-0.15.1b-multiarch.patch
Patch1: libmad-0.15.1b-ppc.patch
#https://bugs.launchpad.net/ubuntu/+source/libmad/+bug/534287
Patch2: Provide-Thumb-2-alternative-code-for-MAD_F_MLN.diff
#https://bugs.launchpad.net/ubuntu/+source/libmad/+bug/513734
Patch3: libmad.thumb.diff
Patch4: https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/libmad/files/libmad-0.15.1b-cflags.patch
Patch5: https://gitweb.gentoo.org/repo/gentoo.git/plain/media-libs/libmad/files/libmad-0.15.1b-cflags-O2.patch
#Patches taken from debian - Kurt Roeckx <kurt@roeckx.be>
Patch6: length-check.patch
Patch7: md_size.diff
BuildRequires: automake
BuildRequires: autoconf
BuildRequires: libtool
BuildRequires: make
URL: https://github.com/tenacityteam/libmad
Source0: %url/archive/%{version}/%{name}-%{version}.tar.gz
Patch0: Add_unversioned_so.patch
BuildRequires: cmake
BuildRequires: gcc-c++
%description
MAD is a high-quality MPEG audio decoder. It currently supports MPEG-1
@ -34,67 +20,20 @@ and Layer III a.k.a. MP3) are fully implemented.
%package devel
Summary: MPEG audio decoder library development files
Requires: %{name}%{?_isa} = %{version}-%{release}
%if 0%{?el5}
Requires: pkgconfig
%endif
%description devel
%{summary}.
%prep
%setup -q
#Only relevant on multilibs arches
%ifarch %{ix86} x86_64 ppc ppc64
%patch0 -p1 -b .multiarch
%endif
%patch1 -p1 -b .ppc
%patch2 -p1 -b .alt_t2
%patch3 -p1 -b .thumb
%patch4 -p1 -b .cflags
%patch5 -p1 -b .02
%patch6 -p1 -b .lc
%patch7 -p1 -b .md_size
touch -r aclocal.m4 configure.ac NEWS AUTHORS ChangeLog
# Create an additional pkgconfig file
%{__cat} << EOF > mad.pc
prefix=%{_prefix}
exec_prefix=%{_prefix}
libdir=%{_libdir}
includedir=%{_includedir}
Name: mad
Description: MPEG Audio Decoder
Requires:
Version: %{version}
Libs: -L%{_libdir} -lmad -lm
Cflags: -I%{_includedir}
EOF
%autosetup -p1
%build
autoreconf -sfiv
%configure \
%if 0%{?__isa_bits} == 64
--enable-fpm=64bit \
%endif
%ifarch %{arm}
--enable-fpm=arm \
%endif
--disable-dependency-tracking \
--enable-accuracy \
--disable-static
%make_build
%cmake -DOPTIMIZE=ACCURACY
%cmake_build
%install
%make_install
%cmake_install
rm -f %{buildroot}%{_libdir}/*.la
install -D -p -m 0644 mad.pc %{buildroot}%{_libdir}/pkgconfig/mad.pc
touch -r mad.h.sed %{buildroot}/%{_includedir}/mad.h
%ldconfig_scriptlets
@ -107,11 +46,15 @@ touch -r mad.h.sed %{buildroot}/%{_includedir}/mad.h
%files devel
%{_libdir}/libmad.so
%{_libdir}/pkgconfig/mad.pc
%{_libdir}/cmake/mad/
%{_libdir}/pkgconfig/libmad.pc
%{_includedir}/mad.h
%changelog
* Fri Sep 02 2022 Leigh Scott <leigh123linux@gmail.com> - 0.16.2-1
- Update to 0.16.2
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.15.1b-34
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild

View File

@ -1,12 +0,0 @@
--- ./imdct_l_arm.S.orig 2010-02-25 13:25:23.000000000 +0100
+++ ./imdct_l_arm.S 2010-02-25 13:27:26.000000000 +0100
@@ -468,7 +468,7 @@
@----
- add r2, pc, #(imdct36_long_karray-.-8) @ r2 = base address of Knn array (PIC safe ?)
+ adr r2, imdct36_long_karray
loop:

View File

@ -1,58 +0,0 @@
From: Kurt Roeckx <kurt@roeckx.be>
Date: Sun, 28 Jan 2018 15:44:08 +0100
Subject: Check the size of the main data
The main data to decode a frame can come from the current frame and part of the
previous frame, the so called bit reservoir. si.main_data_begin is the part of
the previous frame we need for this frame. frame_space is the amount of main
data that can be in this frame, and next_md_begin is the part of this frame that
is going to be used for the next frame.
The maximum amount of data from a previous frame that the format allows is 511
bytes. The maximum frame size for the defined bitrates is at MPEG 2.5 layer 2
at 320 kbit/s and 8 kHz sample rate which gives 72 * (320000 / 8000) + 1 = 2881.
So those defines are not large enough:
# define MAD_BUFFER_GUARD 8
# define MAD_BUFFER_MDLEN (511 + 2048 + MAD_BUFFER_GUARD)
There is also support for a "free" bitrate which allows you to create any frame
size, which can be larger than the buffer.
Changing the defines is not an option since it's part of the ABI, so we check
that the main data fits in the bufer.
The previous frame data is stored in *stream->main_data and contains
stream->md_len bytes. If stream->md_len is larger than the data we
need from the previous frame (si.main_data_begin) it still wouldn't fit
in the buffer, so just keep the data that we need.
Index: libmad-0.15.1b/layer3.c
===================================================================
--- libmad-0.15.1b.orig/layer3.c
+++ libmad-0.15.1b/layer3.c
@@ -2608,6 +2608,11 @@ int mad_layer_III(struct mad_stream *str
next_md_begin = 0;
md_len = si.main_data_begin + frame_space - next_md_begin;
+ if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) {
+ stream->error = MAD_ERROR_LOSTSYNC;
+ stream->sync = 0;
+ return -1;
+ }
frame_used = 0;
@@ -2625,8 +2630,11 @@ int mad_layer_III(struct mad_stream *str
}
}
else {
- mad_bit_init(&ptr,
- *stream->main_data + stream->md_len - si.main_data_begin);
+ memmove(stream->main_data,
+ *stream->main_data + stream->md_len - si.main_data_begin,
+ si.main_data_begin);
+ stream->md_len = si.main_data_begin;
+ mad_bit_init(&ptr, *stream->main_data);
if (md_len > si.main_data_begin) {
assert(stream->md_len + md_len -