Takashi Iwai
25c5f0aed6
- Fix segfault in wav conversion due to the invalid loop count (CVE-2018-19758, bsc#1117954): libsndfile-wav-loop-count-fix.patch OBS-URL: https://build.opensuse.org/request/show/653843 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=74
28 lines
780 B
Diff
28 lines
780 B
Diff
From: Takashi Iwai <tiwai@suse.de>
|
|
Subject: wav: Fix segfault due to invalid loop_count
|
|
References: CVE-2018-19758, bsc#1117954
|
|
|
|
The psf->instrument->loop_count can be over the actual loops array size,
|
|
and it leads to a segfault.
|
|
|
|
Just add the loop size fix to address it.
|
|
|
|
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
|
|
---
|
|
src/wav.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
--- a/src/wav.c
|
|
+++ b/src/wav.c
|
|
@@ -1097,6 +1097,9 @@ wav_write_header (SF_PRIVATE *psf, int c
|
|
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
|
|
{ int type ;
|
|
|
|
+ if (tmp >= ARRAY_LEN (psf->instrument->loops))
|
|
+ break;
|
|
+
|
|
type = psf->instrument->loops [tmp].mode ;
|
|
type = (type == SF_LOOP_FORWARD ? 0 : type == SF_LOOP_BACKWARD ? 2 : type == SF_LOOP_ALTERNATING ? 1 : 32) ;
|
|
|