2014-12-11 16:31 GMT+01:00 lvqcl <lvqcl.m...@gmail.com>:

> Martijn van Beurden wrote:
>
> > For example, it could be checked whether the sample
> > rate, blocksize, number of channels and sample size in the frame
> > header match with those in the stream info, and whether the
> > sample or framenumber is in a sane range. This gives less
> > security than fully decoding the frame, but it ensures the seek
> > process will no longer fail because of these CVE sanity checks.
>
> IIRC flake encoder is able to create FLAC files with variable blocksizes.
> So it's better to assume that blocksize is not constant.
The STREAMINFO lists a minimum and maximum blocksize used in the stream; those bounds can be checked for.
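The check discussed in this thread, sketched as an added example (not code from libFLAC or from either poster): a frame header found while seeking is compared against STREAMINFO, with blocksize tested against the min/max bounds rather than a constant. The type and function names are hypothetical, the fields are assumed to be already parsed, a 0 in the header's sample rate or sample size is assumed to mean "take it from STREAMINFO", and only the final frame is assumed to be allowed below the minimum blocksize.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical types: fields as already parsed from the bitstream. */
typedef struct {
    uint32_t min_blocksize, max_blocksize;   /* in samples */
    uint32_t sample_rate, channels, bits_per_sample;
    uint64_t total_samples;                  /* 0 = unknown */
} StreamInfo;

typedef struct {
    uint32_t blocksize;
    uint32_t sample_rate, bits_per_sample;   /* 0 = "take from STREAMINFO" */
    uint32_t channels;
    uint64_t first_sample;   /* sample number, or frame number * blocksize */
} FrameHeader;

/* Cheap plausibility test for a seek candidate; no subframe decoding. */
bool frame_header_plausible(const StreamInfo *si, const FrameHeader *fh)
{
    if (fh->sample_rate && fh->sample_rate != si->sample_rate) return false;
    if (fh->bits_per_sample && fh->bits_per_sample != si->bits_per_sample) return false;
    if (fh->channels != si->channels) return false;
    /* Variable-blocksize streams: only the STREAMINFO upper bound is firm. */
    if (fh->blocksize == 0 || fh->blocksize > si->max_blocksize) return false;
    if (si->total_samples == 0)   /* length unknown: no range check possible */
        return true;
    if (fh->first_sample >= si->total_samples) return false;
    uint64_t remaining = si->total_samples - fh->first_sample;
    if (fh->blocksize > remaining) return false;
    /* Assumption: only the final frame may be shorter than min_blocksize. */
    if (fh->blocksize < si->min_blocksize && fh->blocksize != remaining) return false;
    return true;
}

/* Constructed sample stream: 44.1 kHz, stereo, 16-bit, blocks 1152..4608. */
static const StreamInfo SAMPLE_SI = {1152, 4608, 44100, 2, 16, 100000};

static bool check(uint32_t bs, uint32_t rate, uint32_t bps, uint64_t first)
{
    FrameHeader fh = {bs, rate, bps, 2, first};
    return frame_header_plausible(&SAMPLE_SI, &fh);
}

int main(void)
{
    printf("mid-stream: %d, short non-final: %d\n",
           check(4608, 44100, 16, 4608), check(500, 44100, 16, 4608));
    return 0;
}
```

A header that fails this test is only a reason to keep scanning for the next sync code, not proof of corruption; as the thread notes, it is weaker than fully decoding the frame.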