
Fix buffer access in bitreader.c for consumed bits #179

Open
Mrcopytuo wants to merge 2 commits into Farama-Foundation:master from Mrcopytuo:fix-flac

Conversation

@Mrcopytuo

This PR fixes a potential security vulnerability in FLAC__bitreader_read_rice_signed_block that was cloned from xiph/flac but did not receive the security patch.

### Details:
Affected Function: FLAC__bitreader_read_rice_signed_block in bitreader.c
Original Fix: original commit

### What this PR does:
This PR applies the same security patch that was applied to the original repository to eliminate the potential vulnerability in the cloned code.

### References:
original commit
link to original CVE/bug id

Please review and merge this PR to ensure your repository is protected against this potential vulnerability.


Copilot AI left a comment


Pull request overview

This PR applies a critical security fix for CVE-2020-0499 to the FLAC bitreader implementation in the PCE core. The fix prevents a potential buffer overflow by adding a bounds check before accessing the buffer array, ensuring cwords is within br->capacity before reading from br->buffer[cwords]. This change mirrors the upstream patch from xiph/flac that addressed the same vulnerability.

Key Changes:

  • Adds bounds checking to prevent out-of-bounds buffer access in FLAC__bitreader_read_rice_signed_block
  • Protects against buffer overflow vulnerability (CVE-2020-0499) by validating array index against buffer capacity
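The guard described in the overview above, worked through on a constructed model of the bitreader. This is an added example, not code from this PR, from stable-retro or from libFLAC: the struct fields reuse the names visible in the snippet (buffer, capacity, words, consumed_words, consumed_bits), but the decoder is a simplified Rice reader, and `rice_signed_read`, `demo_read`, `clz32`, the k=2 parameter and the sample words are all invented here. The `limit` argument runs the same routine with the bound the patch adds (`br->capacity`) and with the tighter `br->words` bound. The sample buffer holds one valid word followed by a stale all-ones word that is still inside the allocation, so the third read shows the difference: bounded by capacity it returns a value decoded from stale bits, bounded by words it reports end of data. The original unguarded read is deliberately not executed, since with words == capacity it would be undefined behaviour.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define BITS_PER_WORD 32u
typedef uint32_t brword;

/* Constructed model of the bitreader state; field names follow the PR snippet,
 * but this is not libFLAC. Assumption: words <= capacity, and
 * buffer[words..capacity) may hold stale data left over from an earlier refill. */
typedef struct {
    const brword *buffer;
    unsigned capacity;        /* words allocated */
    unsigned words;           /* words holding valid, loaded data */
    unsigned consumed_words;  /* index of the word being read */
    unsigned consumed_bits;   /* bits already consumed in buffer[consumed_words] */
} bitreader;

typedef struct { bool ok; int value; } rice_result;

/* Leading zeros of a non-zero 32-bit word (portable, no compiler builtin). */
static unsigned clz32(brword b)
{
    unsigned n = 0;
    while (!(b & 0x80000000u)) { b <<= 1; n++; }
    return n;
}

/* Decode one Rice-coded signed value with parameter k: a unary quotient (zero
 * bits up to the first 1), then k remainder bits, then zigzag to signed.
 * `limit` is the word index at or past which buffer[] is never touched; pass
 * br->capacity (the check this PR adds) or br->words (the tighter check).
 * Returns ok=false, without committing the cursor, when the data runs out. */
static rice_result rice_signed_read(bitreader *br, unsigned limit, unsigned k)
{
    rice_result res = { false, 0 };
    unsigned cwords = br->consumed_words;
    unsigned cbits  = br->consumed_bits;
    unsigned q = 0;

    /* The patched line: guard the first word fetch instead of indexing blindly. */
    brword b = cwords < limit ? br->buffer[cwords] << cbits : 0;
    unsigned ucbits = BITS_PER_WORD - cbits;   /* unread bits held in b */

    /* Whole words of zeros extend the unary run; stop at the limit. */
    while (b == 0) {
        q += ucbits;
        cwords++;
        cbits = 0;
        if (cwords >= limit)
            return res;
        b = br->buffer[cwords];
        ucbits = BITS_PER_WORD;
    }
    unsigned i = clz32(b);      /* zeros left before the terminating 1 bit */
    q += i;
    cbits += i + 1;             /* consume those zeros and the 1 bit */
    if (cbits == BITS_PER_WORD) { cbits = 0; cwords++; }

    /* Remainder: k bits, MSB first, one bit at a time for clarity. */
    brword r = 0;
    for (unsigned n = 0; n < k; n++) {
        if (cwords >= limit)
            return res;
        r = (r << 1) | ((br->buffer[cwords] >> (BITS_PER_WORD - 1 - cbits)) & 1u);
        if (++cbits == BITS_PER_WORD) { cbits = 0; cwords++; }
    }

    brword uval = (q << k) | r;
    res.value = (int)(uval >> 1) ^ -(int)(uval & 1u);   /* zigzag decode */
    res.ok = true;
    br->consumed_words = cwords;
    br->consumed_bits  = cbits;
    return res;
}

/* Constructed sample: word 0 holds two Rice(k=2) values, +5 and -3, encoded as
 * 00110 0101 followed by 23 zero bits, and is the only valid word (words = 1).
 * Word 1 is a stale all-ones word and word 2 is zero, both within capacity = 3. */
static const brword sample_words[3] = { 0x32800000u, 0xFFFFFFFFu, 0x00000000u };

/* Perform the n-th sequential read (1-based) on a fresh reader over the sample,
 * bounding reads by br->words if bound_by_words is set, else by br->capacity. */
static rice_result demo_read(bool bound_by_words, unsigned n)
{
    bitreader br = { sample_words, 3, 1, 0, 0 };
    unsigned limit = bound_by_words ? br.words : br.capacity;
    rice_result res = { false, 0 };
    for (unsigned i = 0; i < n; i++) {
        res = rice_signed_read(&br, limit, 2);
        if (!res.ok)
            break;
    }
    return res;
}

int main(void)
{
    rice_result r = demo_read(false, 3);   /* third read, bounded by capacity */
    printf("capacity bound: ok=%d value=%d\n", r.ok, r.value);
    r = demo_read(true, 3);                /* third read, bounded by words */
    printf("words bound:    ok=%d value=%d\n", r.ok, r.value);
    return 0;
}
```

Build with `cc -std=c99 -Wall example.c`. The first two reads decode +5 and -3 under either bound; the third read is where the bounds diverge, because the unary run of zeros crosses the end of the valid data and the capacity bound lets the decoder keep going into the stale word.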


words = br->words;
ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
b = br->buffer[cwords] << br->consumed_bits;
b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
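Review bot: the new guard on the last line compares `cwords` against `br->capacity`, but `words`, assigned from `br->words` three lines up, is the count of words that actually hold loaded data; `br->buffer[words..capacity)` is allocated but not valid input, so `cwords < br->capacity` keeps the read inside the allocation yet can still feed stale words into the decode. With `words` already in scope, `b = cwords < words ? br->buffer[cwords] << br->consumed_bits : 0;` is the tighter condition; if the `capacity` form is kept deliberately to mirror the upstream patch, the PR description should say so, and the `/* the already-consumed bits are zeroed */` intent of the removed line is worth keeping as a comment on the new one.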

Copilot AI Dec 16, 2025


This security fix appears to only address one instance of the FLAC library in this repository. The Genesis core also has a copy of the FLAC library at cores/genesis/core/cd_hw/libchdr/deps/libFLAC/bitreader.c that contains the same vulnerability at line 862. Consider applying the same fix to that location to ensure comprehensive protection against CVE-2020-0499.

Suggested change
b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
b = cwords < words ? br->buffer[cwords] << br->consumed_bits : 0;
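Review bot: the suggested `cwords < words` condition is not the `cwords < br->capacity` guard the patch adds, and the review overview above describes the check as being against `br->capacity`; whichever bound is adopted, the PR description and the second copy of bitreader.c named in this comment should get the same condition so the two cores do not diverge.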

MatPoliquin requested a review from Copilot December 25, 2025 15:30

Copilot AI left a comment


Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.


2 participants