Validate ATRAC1 decoder input and skip malformed framesHEAD master

The decoder now skips an invalid frame and emits silence.
author: Daniil Cherednik <[email protected]> 2026-06-26 23:32:56 +0200
committer: Daniil Cherednik <[email protected]> 2026-06-27 10:11:47 +0200
commit: 75b3d391652e8cb61a98685fcfc5185891007429 (patch)
tree: ffd320927df61382d18edf650069cf3db2bbe7cd /src/atrac/at1
parent: e9434fe78a4bb68199409e523990d31322e48c7b (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/atrac/at1/atrac1.cpp b/src/atrac/at1/atrac1.cpp
index b361ad5..fd11c66 100644
--- a/src/atrac/at1/atrac1.cpp
+++ b/src/atrac/at1/atrac1.cpp
@@ -19,6 +19,8 @@
 #include "atrac1.h"
 #include "bitstream/bitstream.h"
 
+#include <stdexcept>
+
 namespace NAtracDEnc {
 namespace NAtrac1 {
 
@@ -38,6 +40,15 @@ std::array<int, 3> TAtrac1Data::TBlockSizeMod::Parse(NBitStream::TBitStream* str
     tmp[1] = 2 - stream->Read(2);
     tmp[2] = 3 - stream->Read(2);
     stream->Read(2); //skip unused 2 bits
+
+    // LogCount is used as the shift count for the number of MDCT blocks
+    // (1 << LogCount). A malformed frame can encode a value that makes this
+    // negative, which is undefined behaviour and leads to out-of-bounds
+    // access during the (I)MDCT. Reject such frames.
+    for (int i = 0; i < 3; i++) {
+        if (tmp[i] < 0)
+            throw std::runtime_error("invalid ATRAC1 block size mode");
+    }
     return tmp;
 }
author	Daniil Cherednik <[email protected]>	2026-06-26 23:32:56 +0200
committer	Daniil Cherednik <[email protected]>	2026-06-27 10:11:47 +0200
commit	75b3d391652e8cb61a98685fcfc5185891007429 (patch)
tree	ffd320927df61382d18edf650069cf3db2bbe7cd /src/atrac/at1
parent	e9434fe78a4bb68199409e523990d31322e48c7b (diff)