Overflow at Requantize_Process_Short / Requantize_Process_Long

[hajimehoshi]

The given sfb can be 21 or 12, which exceeds as an index of g_main_data.scalefac_l[gr][ch] or g_main_data.scalefac_s[gr][ch].

I tested with an MP3 file at http://publicdomain4u.com/new-sound-for-an-old-baseball-classic

[audioboy77]

I have the same issue with a different mp3, created by audacity.

[audioboy77]

FYI I did a massive refactor and cleanup of PDMP3 and created a new library called OpenMP3, as it has a completley different (fully object orientated) interface. These overflow bugs don't occur in OpenMP3.

[hajimehoshi]

Interesting. BTW, I have developed a Go version of MP3 decoder based on PDMP3. https://github.com/hajimehoshi/go-mp3

[hajimehoshi]

Probably this is the cause of https://github.com/technosaurus/PDMP3/issues/7 . I don't know how to treat such indices.

[lieff]

@audioboy77 @hajimehoshi Looks like this code have multiple bugs and needs testing. I've prepared some test vectors to cover all cases: https://github.com/lieff/minimp3/tree/master/vectors FFmpeg fate test vectors definitely not enough.