From ae3d45ae6f01e3278a4bfd8f79f7815e380b4bf6 Mon Sep 17 00:00:00 2001
From: Martijn van Beurden
Date: Wed, 6 Mar 2024 13:49:30 +0100
Subject: [PATCH 1/4] Augment fuzzing to catch https://github.com/xiph/flac/pull/645

---
 oss-fuzz/encoder_v2.cc | 2 ++
 src/libFLAC/stream_decoder.c | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/oss-fuzz/encoder_v2.cc b/oss-fuzz/encoder_v2.cc
index 20e81ebd9a..3eb00f2ee6 100644
--- a/oss-fuzz/encoder_v2.cc
+++ b/oss-fuzz/encoder_v2.cc
@@ -54,6 +54,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	FLAC__bool encoder_valid = true;
 	FLAC__StreamEncoder *encoder = 0;
 	FLAC__StreamEncoderState state;
+	const char* state_string = "";
 	FLAC__StreamMetadata *metadata[16] = {NULL};
 	unsigned num_metadata = 0;
 	FLAC__StreamMetadata_VorbisComment_Entry VorbisCommentField;
@@ -320,6 +321,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	}
 
 	state = FLAC__stream_encoder_get_state(encoder);
+	state_string = FLAC__stream_encoder_get_resolved_state_string(encoder);
 	if(!(state == FLAC__STREAM_ENCODER_OK ||
 	   state == FLAC__STREAM_ENCODER_UNINITIALIZED ||
 	   state == FLAC__STREAM_ENCODER_CLIENT_ERROR ||
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
index 1d08a052c6..00bc52513b 100644
--- a/src/libFLAC/stream_decoder.c
+++ b/src/libFLAC/stream_decoder.c
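Review bot: The `state_string` declared in this hunk is only ever written, never read, in either hunk of this file: the second hunk assigns it from `FLAC__stream_encoder_get_resolved_state_string(encoder)` and, as far as the diff shows, nothing consumes the value, so -Wunused-but-set-variable builds will flag it and a reader cannot tell the call is intentional. The commit title suggests the call exists to make the fuzzer exercise the resolved-state-string path (the one patches 2 and 3 harden against a missing verify decoder); if so, say that next to the call, `/* deliberately exercised: resolving the state string must not crash when the verify decoder is missing */`, or drop the variable and call the function as a `(void)`-cast statement, which carries the same intent with less state. A minor style point: the neighbouring declarations bind the `*` to the name (`FLAC__StreamEncoder *encoder`), so `const char *state_string = "";` matches. Both hunks sit inside LLVMFuzzerTestOneInput, whose body starts and ends outside the diff.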
@@ -247,18 +247,18 @@ FLAC_API FLAC__StreamDecoder *FLAC__stream_decoder_new(void)
 
 	FLAC__ASSERT(sizeof(int) >= 4); /* we want to die right away if this is not true */
 
-	decoder = calloc(1, sizeof(FLAC__StreamDecoder));
+	decoder = safe_calloc_(1, sizeof(FLAC__StreamDecoder));
 	if(decoder == 0) {
 		return 0;
 	}
 
-	decoder->protected_ = calloc(1, sizeof(FLAC__StreamDecoderProtected));
+	decoder->protected_ = safe_calloc_(1, sizeof(FLAC__StreamDecoderProtected));
 	if(decoder->protected_ == 0) {
 		free(decoder);
 		return 0;
 	}
 
-	decoder->private_ = calloc(1, sizeof(FLAC__StreamDecoderPrivate));
+	decoder->private_ = safe_calloc_(1, sizeof(FLAC__StreamDecoderPrivate));
 	if(decoder->private_ == 0) {
 		free(decoder->protected_);
 		free(decoder);
From a9e444d1a1358e6ed77b67267e68541225128acc Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar
Date: Mon, 4 Sep 2023 15:24:16 +0200
Subject: [PATCH 2/4] Handle missing decoder in FLAC__stream_encoder_get_resolved_state_string()

Fix crash when trying to get the decoder's state string while the decoder is missing due to a memory allocation error.
---
 src/libFLAC/stream_encoder.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
index 7cf8dcf9b8..1c586eabce 100644
--- a/src/libFLAC/stream_encoder.c
+++ b/src/libFLAC/stream_encoder.c
@@ -2337,6 +2337,8 @@ FLAC_API const char *FLAC__stream_encoder_get_resolved_state_string(const FLAC__
 	FLAC__ASSERT(0 != encoder->protected_);
 	if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_DECODER_ERROR)
 		return FLAC__StreamEncoderStateString[encoder->protected_->state];
+	else if(!encoder->private_->verify.decoder)
+		return FLAC__StreamEncoderStateString[FLAC__STREAM_ENCODER_MEMORY_ALLOCATION_ERROR];
 	else
 		return FLAC__stream_decoder_get_resolved_state_string(encoder->private_->verify.decoder);
 }
From 0eca0940dd9abc8efe38c6bf53b59188e9554781 Mon Sep 17 00:00:00 2001
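Review bot: Replacing `calloc` with `safe_calloc_` on the three allocations is left unexplained in the code; with a count of 1 there is no multiplication to overflow-check, so a later reader is likely to "simplify" it straight back. The series title suggests the real reason is that the fuzzing build can presumably make the `safe_*` allocators fail on demand, which is what lets the NULL-verify-decoder paths fixed in patches 2 and 3 be reached at all; if that is right, record it at the first call: `/* safe_calloc_ rather than calloc so fuzzing builds can inject an allocation failure here */`. The unwinding on the `private_` failure path still frees `protected_` and `decoder`, which is correct. FLAC__stream_decoder_new continues past the end of the hunk.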
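Review bot: The added branch tests the verify decoder as `!encoder->private_->verify.decoder`, while the companion fix in patch 3 for FLAC__stream_encoder_get_verify_decoder_state() spells the same test `== NULL`; the two functions are adjacent and should use one form, and since the surrounding asserts already compare pointers against `0`, `encoder->private_->verify.decoder == 0` would be the consistent spelling for both. The mapping itself (state VERIFY_DECODER_ERROR with no decoder object reported as the MEMORY_ALLOCATION_ERROR string) is only right if FLAC__stream_decoder_new() failing is the sole way the decoder can be absent in that state, which the commit message asserts but the hunk cannot show; a comment would pin the assumption: `/* verify decoder was never allocated; report the allocation failure rather than dereferencing NULL */`. Note that a caller now sees FLAC__stream_encoder_get_state() report VERIFY_DECODER_ERROR while the resolved string says memory allocation error, which the getter's documentation could mention so the two are not read as contradictory.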
From: Martijn van Beurden
Date: Wed, 6 Mar 2024 14:04:45 +0100
Subject: [PATCH 3/4] Handle missing decoder in FLAC__stream_encoder_get_verify_decoder_state()

---
 src/libFLAC/stream_encoder.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
index 1c586eabce..3163be1ccc 100644
--- a/src/libFLAC/stream_encoder.c
+++ b/src/libFLAC/stream_encoder.c
@@ -2325,7 +2325,10 @@ FLAC_API FLAC__StreamDecoderState FLAC__stream_encoder_get_verify_decoder_state(
 	FLAC__ASSERT(0 != encoder->private_);
 	FLAC__ASSERT(0 != encoder->protected_);
 	if(encoder->protected_->verify)
-		return FLAC__stream_decoder_get_state(encoder->private_->verify.decoder);
+		if(encoder->private_->verify.decoder == NULL)
+			return FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+		else
+			return FLAC__stream_decoder_get_state(encoder->private_->verify.decoder);
 	else
 		return FLAC__STREAM_DECODER_UNINITIALIZED;
 }
From 27e75d5af628cf901b0df5c202fafb99683c177e Mon Sep 17 00:00:00 2001
From: Martijn van Beurden
Date: Wed, 6 Mar 2024 19:28:09 +0100
Subject: [PATCH 4/4] Silence fuzzer_seek

---
 oss-fuzz/seek.cc | 1 -
 1 file changed, 1 deletion(-)

diff --git a/oss-fuzz/seek.cc b/oss-fuzz/seek.cc
index d3ccbe882e..26b22b7893 100644
--- a/oss-fuzz/seek.cc
+++ b/oss-fuzz/seek.cc
@@ -80,7 +80,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 	/* allocate the decoder */
 	if((decoder = FLAC__stream_decoder_new()) == NULL) {
-		fprintf(stderr, "ERROR: allocating decoder\n");
 		return 1;
 	}
 
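Review bot: The new lines nest an unbraced `if`/`else` directly inside the unbraced body of `if(encoder->protected_->verify)`, so the outer `else` on the following context line binds to the right `if` only because the inner `else` happens to be present — the dangling-else shape that brace rules exist to rule out, and one edit away from silently changing which `else` pairs with which. Brace the outer body: `if(encoder->protected_->verify) {` in place of the existing condition line, and `}` after the inner `return FLAC__stream_decoder_get_state(...)` line, before the outer `else`. The `== NULL` test here also differs from the `!encoder->private_->verify.decoder` spelling added to FLAC__stream_encoder_get_resolved_state_string() in patch 2; pick one for both functions. The function's opening lines are outside the hunk.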