diff --git a/csound-fix-CVE-2012-2107.patch b/csound-fix-CVE-2012-2107.patch
new file mode 100644
index 0000000..56732b9
--- /dev/null
+++ b/csound-fix-CVE-2012-2107.patch
@@ -0,0 +1,57 @@
+From 61d1df45ca9a52bab62892a3c3a13c41e6384505 Mon Sep 17 00:00:00 2001
+From: John ffitch
+Date: Tue, 6 Mar 2012 17:12:43 +0000
+Subject: [PATCH] security in utilities
+
+---
+ util/lpci_main.c | 17 ++++++++++++++---
+ util/pv_import.c | 4 ++++
+ 2 files changed, 18 insertions(+), 3 deletions(-)
+
+--- a/util/lpci_main.c
++++ b/util/lpci_main.c
+@@ -73,17 +73,28 @@ int main(int argc, char **argv)
+ hdr.headersize, hdr.lpmagic, hdr.npoles, hdr.nvals,
+ hdr.framrate, hdr.srate, hdr.duration);
+ str = (char *)malloc(hdr.headersize-sizeof(LPHEADER)+4);
+- fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf);
++ if (str==NULL) {
++ printf("memory allocation failure\n");
++ exit(1);
++ }
++ if (hdr.headersize-sizeof(LPHEADER)+4 !=
++ fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf)) {
++ printf("Ill formed data\n");
++ exit(1);
++ }
+ for (i=0; iMalloc(csound, data.nAnalysisBins*2*sizeof(float));
+ int i;
++ if (frame==NULL) {
++ csound->Message(csound, Str("Memory failure\n"));
++ exit(1);
++ }
+ for (i=1;;i++) {
+ int j;
+ for (j=0; j