Explicitly allow overflow on subtract

This does not happen for valid FLAC files, but the library should not panic in debug mode. Found using libfuzzer and cargo-fuzz.
ruuda · Feb 22, 2017 · 483eda3 · 483eda3
1 parent 7e26815
commit 483eda3
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/src/frame.rs b/src/frame.rs
@@ -319,8 +319,11 @@ fn decode_left_side(buffer: &mut [i32]) {
         let side = *snd;
 
         // Left is correct already, only the right channel needs to be decoded.
-        // side = left - right => right = left - side.
-        let right = left - side;
+        // side = left - right => right = left - side. A valid FLAC file will
+        // never overflow here. If we do have an overflow then we decode
+        // garbage, but at least Rust does not panic in debug mode due to
+        // overflow.
+        let right = left.wrapping_sub(side);
         *snd = right;
     }
 }

diff --git a/testsamples/fuzz/1cc7059cbdac01b75e91eef8e826895cdfbaccca.flac b/testsamples/fuzz/1cc7059cbdac01b75e91eef8e826895cdfbaccca.flac