flacdec: Fix mono output.

In the write callback of the flac decoder we correctly allocate and
fill an output buffer of n * 2 bytes for mono streams, where n is the
block size stored in the frame header. However, later in this function
twice as many bytes are added to the buffer tree. This may result in
a segmentation fault due to reading beyond the allocated buffer.

Fix this by adding n * channels * 2 bytes, which is correct for both
mono and stereo files.

diff --git a/flacdec_filter.c b/flacdec_filter.c
index 4220b5d61db29b866063f1e6d1769589e1e67f23..b51ac3bdee671dba91dc444fdd333126a912677a 100644 (file)
--- a/flacdec_filter.c
+++ b/flacdec_filter.c
@@ -144,7 +144,7 @@ static FLAC__StreamDecoderWriteStatus write_cb(
                        write_int16_host_endian(outbuffer + 4 * k + 2, right);
                }
        }
-       btr_add_output(outbuffer, n * 4, btrn);
+       btr_add_output(outbuffer, n * channels * 2, btrn);
        flac_consume(fn);
        return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
 }