- Fix division-by-zero with malformed MIDI file (CVE-2017-11546, bsc#1081694): timidity-readmidi-zero-division-fix.patch
- Fix out-of-bound accesses in the resamplers (CVE-2017-11547, bsc#1081694): timidity-resample-frac-overflow-fix.patch
- Drop tcl/tk dependency; it's already broken with Tcl/Tk 8.6

OBS-URL: https://build.opensuse.org/request/show/578383
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/timidity?expand=0&rev=35
From: Takashi Iwai <tiwai@suse.de>
Subject: readmidi: Fix division by zero
References: CVE-2017-11546

An adhoc fix for division by zero in insert_note_steps().

Signed-off-by: Takashi Iwai <tiwai@suse.de>

---
timidity/readmidi.c | 2 ++
1 file changed, 2 insertions(+)

--- a/timidity/readmidi.c
+++ b/timidity/readmidi.c
@@ -4585,6 +4585,8 @@ static void insert_note_steps(void)
if (beat != 0)
meas++, beat = 0;
num = timesig[n].a, denom = timesig[n].b, n++;
+ if (!denom)
+ denom = 1;
}
a = (meas + 1) & 0xff;
b = (((meas + 1) >> 8) & 0x0f) + ((beat + 1) << 4);
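Review bot: the new `if (!denom) denom = 1;` guard covers only the reassignment from `timesig[n].b` shown in this hunk, and it silently rewrites a malformed time signature instead of reporting it. Please confirm that any other place in insert_note_steps() that sets `denom` from `timesig[]` (for example an initial assignment before this block) is protected as well, since a zero there would still reach the division. A short comment on why 1 is the chosen fallback and a warning when the substitution happens would make malformed files visible to the user. Rejecting or normalising a zero denominator where the `timesig` entries are filled in would be the more robust fix, which the commit message's "adhoc" already hints at.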