Bug#777159: malformed wav causes floating point exception (integer divide by zero)
Fabian Greffrath
fabian at greffrath.com
Fri Feb 6 08:52:43 UTC 2015
Hi all,
fortunately, this is all in the frontend code in
frontend/get_audio.c:parse_wave_header() and not in the library. The
bits_per_sample value is read from the corrupted file and is 0 in the
case at hand. It is then used without further sanity checking in the
following call
lame_set_num_samples(gfp, data_length / (channels * ((bits_per_sample +
7) / 8)));
in which "bits_per_sample + 7" is 7, divided by 8 is 0, times "channels"
remains 0. Unfortunately, this is the denominator of the division. Maybe
we should "return -1" early if (bits_per_sample < 1).
- Fabian
More information about the pkg-multimedia-maintainers
mailing list