pool/libsndfile
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
libsndfile/libsndfile-CVE-2017-17456-alaw-range-check.patch
Takashi Iwai c6561c05e5 Accepting request 615236 from home:tiwai:branches:multimedia:libs 
- Use license file tag

- Fix potential overflow in d2alaw_array() (CVE-2017-17456,
  bsc#1071777):
  libsndfile-CVE-2017-17456-alaw-range-check.patch
- Fix potential overflow in d2ulaw_array() (CVE-2017-17457,
  bsc#1071767):
  libsndfile-CVE-2017-17457-ulaw-range-check.patch

OBS-URL: https://build.opensuse.org/request/show/615236
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=66
2018-06-08 13:05:50 +00:00

56 lines
1.6 KiB
Diff
Raw Blame History

---
src/alaw.c | 36 ++++++++++++++++++++++++++++--------
1 file changed, 28 insertions(+), 8 deletions(-)
--- a/src/alaw.c
+++ b/src/alaw.c
@@ -336,20 +336,40 @@ i2alaw_array (const int *ptr, int count,
static inline void
f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = alaw_encode [lrintf (normfact * ptr [count])] ;
- else
- buffer [count] = 0x7F & alaw_encode [- lrintf (normfact * ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = alaw_encode [0] ;
+ } else if (ptr [count] >= 0) {
+ idx = lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048;
+ buffer [count] = alaw_encode [idx] ;
+ } else {
+ idx = -lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048 ;
+ buffer [count] = 0x7F & alaw_encode [idx] ;
+ }
} ;
} /* f2alaw_array */
static inline void
d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
- buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
- else
- buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
+ { int idx;
+ if (isnan (ptr [count])) {
+ buffer [count] = alaw_encode [0] ;
+ } else if (ptr [count] >= 0) {
+ idx = lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048;
+ buffer [count] = alaw_encode [idx] ;
+ } else {
+ idx = -lrintf (normfact * ptr [count]) ;
+ if (idx > 2048)
+ idx = 2048 ;
+ buffer [count] = 0x7F & alaw_encode [idx] ;
+ }
} ;
} /* d2alaw_array */
Reference in New Issue View Git Blame Copy Permalink