From 391f912c8efccae65bd7301c86bc582d78ca3465 Mon Sep 17 00:00:00 2001
From: Ozkan Sezer <[EMAIL REDACTED]>
Date: Mon, 11 May 2026 21:41:50 +0300
Subject: [PATCH] updated dr_mp3.h and dr_flac.h from mainstream.
---
src/codecs/dr_libs/dr_flac.h | 89 ++++++++++++++++++++++++++++--------
src/codecs/dr_libs/dr_mp3.h | 81 ++++++++++++++++++++++----------
2 files changed, 127 insertions(+), 43 deletions(-)
diff --git a/src/codecs/dr_libs/dr_flac.h b/src/codecs/dr_libs/dr_flac.h
index c95a78c3e..72bc6b762 100644
--- a/src/codecs/dr_libs/dr_flac.h
+++ b/src/codecs/dr_libs/dr_flac.h
@@ -1,6 +1,6 @@
/*
FLAC audio decoder. Choice of public domain or MIT-0. See license statements at the end of this file.
-dr_flac - v0.13.2 - 2025-12-02
+dr_flac - v0.13.4 - TBD
David Reid - mackron@gmail.com
@@ -126,7 +126,7 @@ extern "C" {
#define DRFLAC_VERSION_MAJOR 0
#define DRFLAC_VERSION_MINOR 13
-#define DRFLAC_VERSION_REVISION 2
+#define DRFLAC_VERSION_REVISION 4
#define DRFLAC_VERSION_STRING DRFLAC_XSTRINGIFY(DRFLAC_VERSION_MAJOR) "." DRFLAC_XSTRINGIFY(DRFLAC_VERSION_MINOR) "." DRFLAC_XSTRINGIFY(DRFLAC_VERSION_REVISION)
#include <stddef.h> /* For size_t. */
@@ -1547,6 +1547,8 @@ static DRFLAC_INLINE drflac_bool32 drflac_has_sse41(void)
#define DRFLAC_ZERO_OBJECT(p) DRFLAC_ZERO_MEMORY((p), sizeof(*(p)))
#endif
+#define DRFLAC_MIN(a, b) (((a) < (b)) ? (a) : (b))
+
#define DRFLAC_MAX_SIMD_VECTOR_SIZE 64 /* 64 for AVX-512 in the future. */
/* Result Codes */
@@ -2716,9 +2718,17 @@ static DRFLAC_INLINE drflac_uint32 drflac__clz_lzcnt(drflac_cache_t x)
#if defined(__GNUC__) || defined(__clang__)
#if defined(DRFLAC_X64)
{
+ /*
+ A note on lzcnt.
+
+ We check for the presence of the lzcnt instruction at runtime before calling this function, but we still generate this code. I have had
+ a report where the assembler does not recognize the lzcnt instruction. To work around this we are going to use `rep; bsr` instead which
+ has an identical byte encoding as lzcnt, and should hopefully improve compatibility with older assemblers.
+ */
drflac_uint64 r;
__asm__ __volatile__ (
- "lzcnt{ %1, %0| %0, %1}" : "=r"(r) : "r"(x) : "cc"
+ "rep; bsr{q %1, %0| %0, %1}" : "=r"(r) : "r"(x) : "cc"
+ /*"lzcnt{ %1, %0| %0, %1}" : "=r"(r) : "r"(x) : "cc"*/
);
return (drflac_uint32)r;
@@ -2727,7 +2737,8 @@ static DRFLAC_INLINE drflac_uint32 drflac__clz_lzcnt(drflac_cache_t x)
{
drflac_uint32 r;
__asm__ __volatile__ (
- "lzcnt{l %1, %0| %0, %1}" : "=r"(r) : "r"(x) : "cc"
+ "rep; bsr{l %1, %0| %0, %1}" : "=r"(r) : "r"(x) : "cc"
+ /*"lzcnt{l %1, %0| %0, %1}" : "=r"(r) : "r"(x) : "cc"*/
);
return r;
@@ -5971,8 +5982,6 @@ static drflac_bool32 drflac__seek_to_pcm_frame__binary_search_internal(drflac* p
break; /* Failed to seek to FLAC frame. */
}
} else {
- const float approxCompressionRatio = (drflac_int64)(lastSuccessfulSeekOffset - pFlac->firstFLACFramePosInBytes) / ((drflac_int64)(pcmRangeLo * pFlac->channels * pFlac->bitsPerSample)/8.0f);
-
if (pcmRangeLo > pcmFrameIndex) {
/* We seeked too far forward. We need to move our target byte backward and try again. */
byteRangeHi = lastSuccessfulSeekOffset;
@@ -5995,12 +6004,14 @@ static drflac_bool32 drflac__seek_to_pcm_frame__binary_search_internal(drflac* p
break; /* Failed to seek to FLAC frame. */
}
} else {
+ const double approxCompressionRatio = (drflac_int64)(lastSuccessfulSeekOffset - pFlac->firstFLACFramePosInBytes) / ((drflac_int64)(pcmRangeLo * pFlac->channels * pFlac->bitsPerSample)/8.0);
+
byteRangeLo = lastSuccessfulSeekOffset;
if (byteRangeHi < byteRangeLo) {
byteRangeHi = byteRangeLo;
}
- targetByte = lastSuccessfulSeekOffset + (drflac_uint64)(((drflac_int64)((pcmFrameIndex-pcmRangeLo) * pFlac->channels * pFlac->bitsPerSample)/8.0f) * approxCompressionRatio);
+ targetByte = lastSuccessfulSeekOffset + (drflac_uint64)(((drflac_int64)((pcmFrameIndex-pcmRangeLo) * pFlac->channels * pFlac->bitsPerSample)/8.0) * approxCompressionRatio);
if (targetByte > byteRangeHi) {
targetByte = byteRangeHi;
}
@@ -6393,7 +6404,7 @@ static void* drflac__realloc_from_callbacks(void* p, size_t szNew, size_t szOld,
}
if (p != NULL) {
- DRFLAC_COPY_MEMORY(p2, p, szOld);
+ DRFLAC_COPY_MEMORY(p2, p, DRFLAC_MIN(szNew, szOld));
pAllocationCallbacks->onFree(p, pAllocationCallbacks->pUserData);
}
@@ -6421,11 +6432,22 @@ static drflac_bool32 drflac__read_and_decode_metadata(drflac_read_proc onRead, d
We want to keep track of the byte position in the stream of the seektable. At the time of calling this function we know that
we'll be sitting on byte 42.
*/
- drflac_uint64 runningFilePos = 42;
- drflac_uint64 seektablePos = 0;
- drflac_uint32 seektableSize = 0;
+ drflac_uint64 runningFilePos = 42;
+ drflac_uint64 seektablePos = 0;
+ drflac_uint32 seektableSize = 0;
+ drflac_int64 fileSize = 0;
+ drflac_bool32 hasKnownFileSize = DRFLAC_FALSE;
- (void)onTell;
+ /* We'll be doing some memory allocations here against untrusted data. We'll do a basic validation check that they don't exceed the size of the file. */
+ if (onTell != NULL && onSeek != NULL) {
+ if (onSeek(pUserData, 0, DRFLAC_SEEK_END)) {
+ if (onTell(pUserData, &fileSize)) {
+ hasKnownFileSize = DRFLAC_TRUE;
+ }
+
+ onSeek(pUserData, runningFilePos, DRFLAC_SEEK_SET);
+ }
+ }
for (;;) {
drflac_metadata metadata;
@@ -6435,6 +6457,11 @@ static drflac_bool32 drflac__read_and_decode_metadata(drflac_read_proc onRead, d
if (drflac__read_and_decode_block_header(onRead, pUserData, &isLastBlock, &blockType, &blockSize) == DRFLAC_FALSE) {
return DRFLAC_FALSE;
}
+
+ if (hasKnownFileSize && (blockSize > ((drflac_uint64)fileSize - runningFilePos))) {
+ return DRFLAC_FALSE; /* Block size exceeds the size of the file. */
+ }
+
runningFilePos += 4;
metadata.type = blockType;
@@ -6550,7 +6577,7 @@ static drflac_bool32 drflac__read_and_decode_metadata(drflac_read_proc onRead, d
drflac__free_from_callbacks(pRawData, pAllocationCallbacks);
return DRFLAC_FALSE;
}
- metadata.data.vorbis_comment.vendor = pRunningData; pRunningData += metadata.data.vorbis_comment.vendorLength;
+ metadata.data.vorbis_comment.vendor = pRunningData; pRunningData += metadata.data.vorbis_comment.vendorLength;
metadata.data.vorbis_comment.commentCount = drflac__le2host_32_ptr_unaligned(pRunningData); pRunningData += 4;
/* Need space for 'commentCount' comments after the block, which at minimum is a drflac_uint32 per comment */
@@ -6738,13 +6765,18 @@ static drflac_bool32 drflac__read_and_decode_metadata(drflac_read_proc onRead, d
blockSizeRemaining -= 4;
metadata.data.picture.mimeLength = drflac__be2host_32(metadata.data.picture.mimeLength);
+ if (blockSizeRemaining < metadata.data.picture.mimeLength) {
+ result = DRFLAC_FALSE;
+ goto done_flac;
+ }
+
pMime = (char*)drflac__malloc_from_callbacks(metadata.data.picture.mimeLength + 1, pAllocationCallbacks); /* +1 for null terminator. */
if (pMime == NULL) {
result = DRFLAC_FALSE;
goto done_flac;
}
- if (blockSizeRemaining < metadata.data.picture.mimeLength || onRead(pUserData, pMime, metadata.data.picture.mimeLength) != metadata.data.picture.mimeLength) {
+ if (onRead(pUserData, pMime, metadata.data.picture.mimeLength) != metadata.data.picture.mimeLength) {
result = DRFLAC_FALSE;
goto done_flac;
}
@@ -6760,13 +6792,18 @@ static drflac_bool32 drflac__read_and_decode_metadata(drflac_read_proc onRead, d
blockSizeRemaining -= 4;
metadata.data.picture.descriptionLength = drflac__be2host_32(metadata.data.picture.descriptionLength);
+ if (blockSizeRemaining < metadata.data.picture.descriptionLength) {
+ result = DRFLAC_FALSE;
+ goto done_flac;
+ }
+
pDescription = (char*)drflac__malloc_from_callbacks(metadata.data.picture.descriptionLength + 1, pAllocationCallbacks); /* +1 for null terminator. */
if (pDescription == NULL) {
result = DRFLAC_FALSE;
goto done_flac;
}
- if (blockSizeRemaining < metadata.data.picture.descriptionLength || onRead(pUserData, pDescription, metadata.data.picture.descriptionLength) != metadata.data.picture.descriptionLength) {
+ if (onRead(pUserData, pDescription, metadata.data.picture.descriptionLength) != metadata.data.picture.descriptionLength) {
result = DRFLAC_FALSE;
goto done_flac;
}
@@ -6842,8 +6879,10 @@ static drflac_bool32 drflac__read_and_decode_metadata(drflac_read_proc onRead, d
}
blockSizeRemaining -= metadata.data.picture.pictureDataSize;
- metadata.data.picture.pPictureData = (const drflac_uint8*)pPictureData;
+ (void)blockSizeRemaining;
+ metadata.data.picture.pPictureData = (const drflac_uint8*)pPictureData;
+
/* Only fire the callback if we actually have a way to read the image data. We must have either a valid offset, or a valid data pointer. */
if (metadata.data.picture.pictureDataOffset != 0 || metadata.data.picture.pPictureData != NULL) {
@@ -8083,11 +8122,17 @@ static drflac* drflac_open_with_metadata_private(drflac_read_proc onRead, drflac
return NULL;
}
+ if ((0xFFFFFFFF - (seekpointCount * sizeof(drflac_seekpoint))) < allocationSize) {
+ #ifndef DR_FLAC_NO_OGG
+ drflac__free_from_callbacks(pOggbs, &allocationCallbacks);
+ #endif
+ return NULL;
+ }
+
allocationSize += seekpointCount * sizeof(drflac_seekpoint);
}
-
- pFlac = (drflac*)drflac__malloc_from_callbacks(allocationSize, &allocationCallbacks);
+ pFlac = (drflac*)drflac__malloc_from_callbacks((size_t)allocationSize, &allocationCallbacks);
if (pFlac == NULL) {
#ifndef DR_FLAC_NO_OGG
drflac__free_from_callbacks(pOggbs, &allocationCallbacks);
@@ -12158,6 +12203,14 @@ DRFLAC_API drflac_bool32 drflac_next_cuesheet_track(drflac_cuesheet_track_iterat
/*
REVISION HISTORY
================
+v0.13.4 - TBD
+ - Add a bounds check when allocating memory during metadata processing.
+ - Fix a possible overflow error when parsing picture metadata.
+
+v0.13.3 - 2026-01-17
+ - Fix a compiler compatibility issue with some inlined assembly.
+ - Fix a compilation warning.
+
v0.13.2 - 2025-12-02
- Improve robustness of the parsing of picture metadata to improve support for memory constrained embedded devices.
- Fix a warning about an assigned by unused variable.
diff --git a/src/codecs/dr_libs/dr_mp3.h b/src/codecs/dr_libs/dr_mp3.h
index 90fe66a97..a458d86cf 100644
--- a/src/codecs/dr_libs/dr_mp3.h
+++ b/src/codecs/dr_libs/dr_mp3.h
@@ -1,6 +1,6 @@
/*
MP3 audio decoder. Choice of public domain or MIT-0. See license statements at the end of this file.
-dr_mp3 - v0.7.3 - TBD
+dr_mp3 - v0.7.4 - TBD
David Reid - mackron@gmail.com
@@ -72,7 +72,7 @@ extern "C" {
#define DRMP3_VERSION_MAJOR 0
#define DRMP3_VERSION_MINOR 7
-#define DRMP3_VERSION_REVISION 3
+#define DRMP3_VERSION_REVISION 4
#define DRMP3_VERSION_STRING DRMP3_XSTRINGIFY(DRMP3_VERSION_MAJOR) "." DRMP3_XSTRINGIFY(DRMP3_VERSION_MINOR) "." DRMP3_XSTRINGIFY(DRMP3_VERSION_REVISION)
#include <stddef.h> /* For size_t. */
@@ -657,8 +657,10 @@ DRMP3_API const char* drmp3_version_string(void)
#if !defined(DR_MP3_NO_SIMD)
-#if !defined(DR_MP3_ONLY_SIMD) && (defined(_M_X64) || defined(__x86_64__) || defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
-/* x64 always have SSE2, arm64 always have neon, no need for generic code */
+#if !defined(DR_MP3_ONLY_SIMD) && ((defined(_MSC_VER) && _MSC_VER >= 1400) && defined(_M_X64)) || ((defined(__i386) || defined(_M_IX86) || defined(__i386__) || defined(__x86_64__)) && ((defined(_M_IX86_FP) && _M_IX86_FP == 2) || defined(__SSE2__)))
+#define DR_MP3_ONLY_SIMD
+#endif
+#if !defined(DR_MP3_ONLY_SIMD) && (defined(__ARM_NEON) || defined(__aarch64__) || defined(_M_ARM64) || defined(_M_ARM64EC))
#define DR_MP3_ONLY_SIMD
#endif
@@ -3170,7 +3172,6 @@ static drmp3_bool32 drmp3_init_internal(drmp3* pMP3, drmp3_read_proc onRead, drm
{
drmp3_bs bs;
drmp3_L3_gr_info grInfo[4];
- const drmp3_uint8* pTagData = pFirstFrameData;
drmp3_bs_init(&bs, pFirstFrameData + DRMP3_HDR_SIZE, firstFrameInfo.frame_bytes - DRMP3_HDR_SIZE);
@@ -3181,11 +3182,16 @@ static drmp3_bool32 drmp3_init_internal(drmp3* pMP3, drmp3_read_proc onRead, drm
if (drmp3_L3_read_side_info(&bs, grInfo, pFirstFrameData) >= 0) {
drmp3_bool32 isXing = DRMP3_FALSE;
drmp3_bool32 isInfo = DRMP3_FALSE;
+ const drmp3_uint8* pTagData;
const drmp3_uint8* pTagDataBeg;
pTagDataBeg = pFirstFrameData + DRMP3_HDR_SIZE + (bs.pos/8);
pTagData = pTagDataBeg;
+ if (firstFrameInfo.frame_bytes - (size_t)(pTagData - pFirstFrameData) < 8) {
+ goto done_xing_info; /* Frame too small for a Xing/Info tag. */
+ }
+
/* Check for both "Xing" and "Info" identifiers. */
isXing = (pTagData[0] == 'X' && pTagData[1] == 'i' && pTagData[2] == 'n' && pTagData[3] == 'g');
isInfo = (pTagData[0] == 'I' && pTagData[1] == 'n' && pTagData[2] == 'f' && pTagData[3] == 'o');
@@ -3197,42 +3203,60 @@ static drmp3_bool32 drmp3_init_internal(drmp3* pMP3, drmp3_read_proc onRead, drm
pTagData += 8; /* Skip past the ID and flags. */
if (flags & 0x01) { /* FRAMES flag. */
+ if (firstFrameInfo.frame_bytes - (size_t)(pTagData - pFirstFrameData) < 4) {
+ goto done_xing_info; /* Invalid Xing/Info tag. */
+ }
+
detectedMP3FrameCount = (drmp3_uint32)pTagData[0] << 24 | (drmp3_uint32)pTagData[1] << 16 | (drmp3_uint32)pTagData[2] << 8 | (drmp3_uint32)pTagData[3];
pTagData += 4;
}
if (flags & 0x02) { /* BYTES flag. */
+ if (firstFrameInfo.frame_bytes - (size_t)(pTagData - pFirstFrameData) < 4) {
+ goto done_xing_info; /* Invalid Xing/Info tag. */
+ }
+
bytes = (drmp3_uint32)pTagData[0] << 24 | (drmp3_uint32)pTagData[1] << 16 | (drmp3_uint32)pTagData[2] << 8 | (drmp3_uint32)pTagData[3];
(void)bytes; /* <-- Just to silence a warning about `bytes` being assigned but unused. Want to leave this here in case I want to make use of it later. */
pTagData += 4;
}
if (flags & 0x04) { /* TOC flag. */
+ if (firstFrameInfo.frame_bytes - (size_t)(pTagData - pFirstFrameData) < 100) {
+ goto done_xing_info; /* Invalid Xing/Info tag. */
+ }
+
/* TODO: Extract and bind seek points. */
pTagData += 100;
}
if (flags & 0x08) { /* SCALE flag. */
+ if (firstFrameInfo.frame_bytes - (size_t)(pTagData - pFirstFrameData) < 4) {
+ goto done_xing_info; /* Invalid Xing/Info tag. */
+ }
+
pTagData += 4;
}
/* At this point we're done with the Xing/Info header. Now we can look at the LAME data. */
if (pTagData[0]) {
- pTagData += 21;
+ int delayInPCMFrames;
+ int paddingInPCMFrames;
- if (pTagData - pFirstFrameData + 14 < firstFrameInfo.frame_bytes) {
- int delayInPCMFrames;
- int paddingInPCMFrames;
+ if (firstFrameInfo.frame_bytes - (size_t)(pTagData - pFirstFrameData) < 36) {
+ goto done_xing_info; /* Invalid Xing/Info tag. */
+ }
- delayInPCMFrames = (( (drmp3_uint32)pTagData[0] << 4) | ((drmp3_uint32)pTagData[1] >> 4)) + (528 + 1);
- paddingInPCMFrames = ((((drmp3_uint32)pTagData[1] & 0xF) << 8) | ((drmp3_uint32)pTagData[2] )) - (528 + 1);
- if (paddingInPCMFrames < 0) {
- paddingInPCMFrames = 0; /* Padding cannot be negative. Probably a malformed file. Ignore. */
- }
-
- pMP3->delayInPCMFrames = (drmp3_uint32)delayInPCMFrames;
- pMP3->paddingInPCMFrames = (drmp3_uint32)paddingInPCMFrames;
+ pTagData += 21;
+
+ delayInPCMFrames = (( (drmp3_uint32)pTagData[0] << 4) | ((drmp3_uint32)pTagData[1] >> 4)) + (528 + 1);
+ paddingInPCMFrames = ((((drmp3_uint32)pTagData[1] & 0xF) << 8) | ((drmp3_uint32)pTagData[2] )) - (528 + 1);
+ if (paddingInPCMFrames < 0) {
+ paddingInPCMFrames = 0; /* Padding cannot be negative. Probably a malformed file. Ignore. */
}
+
+ pMP3->delayInPCMFrames = (drmp3_uint32)delayInPCMFrames;
+ pMP3->paddingInPCMFrames = (drmp3_uint32)paddingInPCMFrames;
}
/*
@@ -3271,6 +3295,8 @@ static drmp3_bool32 drmp3_init_internal(drmp3* pMP3, drmp3_read_proc onRead, drm
*/
drmp3dec_init(&pMP3->decoder);
}
+
+ done_xing_info:;
} else {
/* Failed to read the side info. */
}
@@ -3283,7 +3309,7 @@ static drmp3_bool32 drmp3_init_internal(drmp3* pMP3, drmp3_read_proc onRead, drm
}
if (detectedMP3FrameCount != 0xFFFFFFFF) {
- pMP3->totalPCMFrameCount = detectedMP3FrameCount * firstFramePCMFrameCount;
+ pMP3->totalPCMFrameCount = (drmp3_uint64)detectedMP3FrameCount * firstFramePCMFrameCount;
}
pMP3->channels = pMP3->mp3FrameChannels;
@@ -3331,8 +3357,6 @@ static drmp3_bool32 drmp3__on_seek_memory(void* pUserData, int byteOffset, drmp3
DRMP3_ASSERT(pMP3 != NULL);
- newCursor = pMP3->memory.currentReadPos;
-
if (origin == DRMP3_SEEK_SET) {
newCursor = 0;
} else if (origin == DRMP3_SEEK_CUR) {
@@ -4247,7 +4271,7 @@ DRMP3_API drmp3_uint64 drmp3_read_pcm_frames_f32(drmp3* pMP3, drmp3_uint64 frame
#else
/* Slow path. Convert from s16 to f32. */
{
- drmp3_int16 pTempS16[8192];
+ drmp3_int16 pTempS16[1152*2]; /* MP3 frames have a maximum per-channel sample count of 1152. Times 2 to account for stereo. */
drmp3_uint64 totalPCMFramesRead = 0;
while (totalPCMFramesRead < framesToRead) {
@@ -4284,7 +4308,7 @@ DRMP3_API drmp3_uint64 drmp3_read_pcm_frames_s16(drmp3* pMP3, drmp3_uint64 frame
#else
/* Slow path. Convert from f32 to s16. */
{
- float pTempF32[4096];
+ float pTempF32[1152*2]; /* MP3 frames have a maximum per-channel sample count of 1152. Times 2 to account for stereo. */
drmp3_uint64 totalPCMFramesRead = 0;
while (totalPCMFramesRead < framesToRead) {
@@ -4772,7 +4796,7 @@ static float* drmp3__full_read_and_close_f32(drmp3* pMP3, drmp3_config* pConfig,
drmp3_uint64 totalFramesRead = 0;
drmp3_uint64 framesCapacity = 0;
float* pFrames = NULL;
- float temp[4096];
+ float temp[1152*2]; /* MP3 frames have a maximum per-channel sample count of 1152. Times 2 to account for stereo. */
DRMP3_ASSERT(pMP3 != NULL);
@@ -4841,7 +4865,7 @@ static drmp3_int16* drmp3__full_read_and_close_s16(drmp3* pMP3, drmp3_config* pC
drmp3_uint64 totalFramesRead = 0;
drmp3_uint64 framesCapacity = 0;
drmp3_int16* pFrames = NULL;
- drmp3_int16 temp[4096];
+ drmp3_int16 temp[1152*2]; /* MP3 frames have a maximum per-channel sample count of 1152. Times 2 to account for stereo. */
DRMP3_ASSERT(pMP3 != NULL);
@@ -5009,8 +5033,15 @@ DIFFERENCES BETWEEN minimp3 AND dr_mp3
/*
REVISION HISTORY
================
-v0.7.3 - TBD
+v0.7.4 - TBD
+ - Fix an overflow error with "Xing" and "Info" tag parsing.
+ - Add some validation checks for "Xing" and "Info" tag parsing.
+ - Reduce size of some stack allocations.
+ - Improvements to SIMD detection.
+
+v0.7.3 - 2026-01-17
- Fix an error in drmp3_open_and_read_pcm_frames_s16() and family when memory allocation fails.
+ - Fix some compilation warnings.
v0.7.2 - 2025-12-02
- Reduce stack space to improve robustness on embedded systems.