Takashi Iwai
2ba3b200ab
- Apply various fix patches taken from Debian package; it fixes also other entries (CVE-2022-31650 bsc#1212060 CVE-2023-34318 bsc#1212062 CVE-2023-34432 bsc#1212063): CVE-2019-13590.patch CVE-2021-3643.patch CVE-2021-23159.patch CVE-2021-33844.patch CVE-2021-40426.patch CVE-2022-31650.patch CVE-2022-31651.patch - Fix floating point exception in src/voc.c (CVE-2023-32627 bsc#1212061): CVE-2023-32627.patch OBS-URL: https://build.opensuse.org/request/show/1120234 OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=45
26 lines
858 B
Diff
26 lines
858 B
Diff
From: Helmut Grohne <helmut@subdivi.de>
|
|
Subject: formats: reject implausible rate
|
|
Bug: https://sourceforge.net/p/sox/bugs/360/
|
|
Bug-Debian: https://bugs.debian.org/1012516
|
|
|
|
--- a/src/formats_i.c
|
|
+++ b/src/formats_i.c
|
|
@@ -70,9 +70,15 @@
|
|
ft->signal.channels = channels;
|
|
}
|
|
|
|
- if (rate && ft->signal.rate && ft->signal.rate != rate)
|
|
+ if (rate && ft->signal.rate && ft->signal.rate != rate) {
|
|
lsx_warn("`%s': overriding sample rate", ft->filename);
|
|
- else ft->signal.rate = rate;
|
|
+ /* Since NaN comparisons yield false, the negation rejects them. */
|
|
+ } else if (!(rate > 0)) {
|
|
+ lsx_fail_errno(ft, EINVAL, "invalid rate value");
|
|
+ return SOX_EOF;
|
|
+ } else {
|
|
+ ft->signal.rate = rate;
|
|
+ }
|
|
|
|
if (encoding && ft->encoding.encoding && ft->encoding.encoding != encoding)
|
|
lsx_warn("`%s': overriding encoding type", ft->filename);
|