libFLAC/stream_decoder.c : Fail safely to avoid a heap overflow.

A file provided by the reporters caused the stream decoder to write to
un-allocated heap space resulting in a segfault. The solution is to
error out (by returning false from read_residual_partitioned_rice_())
instead of trying to continue to decode.

Fixes: CVE-2014-9028
Reported-by: Michele Spagnuolo,
             Google Security Team <>

Bug: 23238405
Change-Id: I5c000e3d85d884a92208efebe53aa6edaef8829e
diff --git a/libFLAC/stream_decoder.c b/libFLAC/stream_decoder.c
index d13b23b..7edf735 100644
--- a/libFLAC/stream_decoder.c
+++ b/libFLAC/stream_decoder.c
@@ -2749,7 +2749,8 @@
 		if(decoder->private_->frame.header.blocksize < predictor_order) {
 			send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
 			decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
-			return true;
+			/* We have received a potentially malicious bit stream. All we can do is error out to avoid a heap overflow. */
+			return false;
 	else {