Validate ATRAC1 decoder input and skip malformed framesHEAD master

The decoder now skips an invalid frame and emits silence.
author: Daniil Cherednik <[email protected]> 2026-06-26 23:32:56 +0200
committer: Daniil Cherednik <[email protected]> 2026-06-27 10:11:47 +0200
commit: 75b3d391652e8cb61a98685fcfc5185891007429 (patch)
tree: ffd320927df61382d18edf650069cf3db2bbe7cd /src/lib
parent: e9434fe78a4bb68199409e523990d31322e48c7b (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/src/lib/bitstream/bitstream.cpp b/src/lib/bitstream/bitstream.cpp
index ddff907..f731c0a 100644
--- a/src/lib/bitstream/bitstream.cpp
+++ b/src/lib/bitstream/bitstream.cpp
@@ -16,6 +16,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 #include <cstdint>
+#include <stdexcept>
 #include "bitstream.h"
 
 #ifndef BIGENDIAN_ORDER
@@ -67,8 +68,16 @@ uint32_t TBitStream::Read(int n) {
     const int bytesPos = ReadPos / 8;
     const int overlap = ReadPos % 8;
 
+    // A malformed frame can request more bits than it actually contains.
+    // Reading past the end of the buffer would be out-of-bounds access.
+    if (ReadPos + n > (int)Buf.size() * 8)
+        throw std::runtime_error("read past the end of the bitstream");
+
+    // Number of bytes the requested value actually spans, starting at bytesPos.
+    const int bytesToRead = (overlap + n + 7) / 8;
+
     UBytes t;
-    for (int i = 0; i < n/8 + (overlap ? 2 : 1); ++i) {
+    for (int i = 0; i < bytesToRead; ++i) {
 #ifdef NBITSTREAM__LITTLE_ENDIAN_CPU
         t.bytes[3-i] = (uint8_t)Buf[bytesPos+i];
 #else
author	Daniil Cherednik <[email protected]>	2026-06-26 23:32:56 +0200
committer	Daniil Cherednik <[email protected]>	2026-06-27 10:11:47 +0200
commit	75b3d391652e8cb61a98685fcfc5185891007429 (patch)
tree	ffd320927df61382d18edf650069cf3db2bbe7cd /src/lib
parent	e9434fe78a4bb68199409e523990d31322e48c7b (diff)