It was reported [1] that in the command-line flac encoder/decoder tool, bytes_to_read is not properly checked against the size of ucbuffer, which causes a stack overflow when performing fread in encoding. Code related to the crash is in src/flac/encode.c, function flac__encode_file(). PoC file can be found here: http://sourceforge.net/projects/pocfiles/files/libflac_stack.wav/download
[1]: http://sourceforge.net/p/flac/bugs/425/
Created flac tracking bugs for this issue: Affects: fedora-all [bug 1193445]
This is a buffer overflow in flac__encode_file() (in older versions, similar code is in flac__encode_wav() and flac__encode_aif()). The buffer is a static BSS-based buffer. Overflow is caught by FORTIFY_SOURCE, which mitigates impact to program abort. The flaw is in the flac command line tool rather than the libFLAC library. Fixed upstream in: https://git.xiph.org/?p=flac.git;a=commitdiff;h=c06a44969c1145242a22f75fc8fb2e8b54c55303
Affects the currently latest upstream version 1.3.1.
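The report above boils down to a missing bounds check: the number of bytes the encoder wants to fread for one block is derived from the input file's header fields, but is not compared against the fixed size of the static ucbuffer before the read. The following is an added illustration of the defensive pattern, not flac's code and not the upstream fix; the buffer size, the helper names (pcm_block_bytes, bounded_read, read_constructed_sample) and the tmpfile-based sample input are all assumptions constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hypothetical fixed-size static input buffer, standing in for the
 * encoder's ucbuffer (size chosen for the example, not flac's value). */
#define UCBUFFER_SIZE 4096
static unsigned char ucbuffer[UCBUFFER_SIZE];

/* Byte count for one block of interleaved PCM, computed from values that
 * in the real tool come from the untrusted file header. Returns 0 on any
 * zero field or on multiplication overflow so callers cannot be tricked
 * into a small wrapped-around size. */
size_t pcm_block_bytes(unsigned channels, unsigned bytes_per_sample, size_t samples)
{
    if (channels == 0 || bytes_per_sample == 0 || samples == 0)
        return 0;
    if (samples > SIZE_MAX / channels / bytes_per_sample)
        return 0;
    return samples * channels * bytes_per_sample;
}

/* The check the report says was missing: refuse any request that does not
 * fit in the destination buffer BEFORE touching the file. Returns the
 * number of bytes read, or -1 when the request is rejected. */
long bounded_read(FILE *f, size_t bytes_to_read)
{
    if (bytes_to_read == 0 || bytes_to_read > sizeof(ucbuffer))
        return -1;                      /* would overflow ucbuffer */
    return (long)fread(ucbuffer, 1, bytes_to_read, f);
}

/* Constructed sample input: write n_write pattern bytes to a temporary
 * file, then ask bounded_read for n_request bytes. Returns what
 * bounded_read returned, or -2 if the temp file could not be created. */
long read_constructed_sample(size_t n_write, size_t n_request)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -2;
    for (size_t i = 0; i < n_write; i++)
        fputc((int)(i & 0xff), f);
    rewind(f);
    long got = bounded_read(f, n_request);
    fclose(f);
    return got;
}

int main(void)
{
    /* A header claiming 8 channels of 32-bit samples and a 4096-sample
     * block asks for 131072 bytes: far larger than the 4096-byte buffer,
     * so the request is rejected rather than overflowing. */
    size_t want = pcm_block_bytes(8, 4, 4096);
    printf("requested %zu bytes, buffer holds %zu -> read result %ld\n",
           want, sizeof(ucbuffer), read_constructed_sample(want, want));

    /* A sane 2-channel 16-bit block of 1024 samples fits exactly. */
    want = pcm_block_bytes(2, 2, 1024);
    printf("requested %zu bytes -> read result %ld\n",
           want, read_constructed_sample(want, want));
    return 0;
}
```

The point of the example is the order of operations: size the block from the header, reject it against sizeof(ucbuffer), and only then call fread. FORTIFY_SOURCE, as the comment above notes, turns a missed check into an abort; the explicit comparison turns it into an ordinary input error.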