rpm/csound
SHA256
1
0
Fork 0
forked from pool/csound
Code Pull Requests Activity
bbb95e9de0
csound/csound-fix-CVE-2012-2107.patch
Takashi Iwai f030dd866d Accepting request 114337 from home:tiwai:branches:multimedia:apps 
- VUL-0: csound: buffer overflow in pv_import (CVE-2012-2106,
  bnc#757254),
  VUL-0: csound: buffer overflow in lpc_import (CVE-2012-2107,
  bnc#757255),
  VUL-0: csound: Stack-based buffer overflow in lpc_import
  (CVE-2012-2108, bnc#757256):
  a single patch for all three issues

OBS-URL: https://build.opensuse.org/request/show/114337
OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/csound?expand=0&rev=13
2012-04-18 09:44:29 +00:00

58 lines
2.0 KiB
Diff
Raw Blame History

From 61d1df45ca9a52bab62892a3c3a13c41e6384505 Mon Sep 17 00:00:00 2001
From: John ffitch <jpff@codemist.co.uk>
Date: Tue, 6 Mar 2012 17:12:43 +0000
Subject: [PATCH] security in utilities
---
util/lpci_main.c | 17 ++++++++++++++---
util/pv_import.c | 4 ++++
2 files changed, 18 insertions(+), 3 deletions(-)
--- a/util/lpci_main.c
+++ b/util/lpci_main.c
@@ -73,17 +73,28 @@ int main(int argc, char **argv)
hdr.headersize, hdr.lpmagic, hdr.npoles, hdr.nvals,
hdr.framrate, hdr.srate, hdr.duration);
str = (char *)malloc(hdr.headersize-sizeof(LPHEADER)+4);
- fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf);
+ if (str==NULL) {
+ printf("memory allocation failure\n");
+ exit(1);
+ }
+ if (hdr.headersize-sizeof(LPHEADER)+4 !=
+ fread(&hdr, sizeof(char), hdr.headersize-sizeof(LPHEADER)+4, inf)) {
+ printf("Ill formed data\n");
+ exit(1);
+ }
for (i=0; i<hdr.headersize-sizeof(LPHEADER)+4; i++)
putc(str[i],outf);
putc('\n', outf);
- coef = (MYFLT *)malloc((hdr.npoles+hdr.nvals)*sizeof(MYFLT));
+ coef = (MYFLT *)malloc(hdr.npoles*sizeof(MYFLT));
if (coef==NULL) {
printf("memory allocation failure\n");
exit(1);
}
for (i = 0; i<hdr.nvals; i++) {
- fread(&coef[0], sizeof(MYFLT), hdr.npoles, inf);
+ if (hdr.npoles != fread(coef, sizeof(MYFLT), hdr.npoles, inf)) {
+ printf("Ill formed data\n");
+ exit(1);
+ }
for (j=0; j<hdr.npoles; j++)
fprintf(outf, "%f%c", coef[j], (j==hdr.npoles-1 ? '\n' : ','));
}
--- a/util/pv_import.c
+++ b/util/pv_import.c
@@ -115,6 +115,10 @@ static int pv_import(CSOUND *csound, int
float *frame =
(float*) csound->Malloc(csound, data.nAnalysisBins*2*sizeof(float));
int i;
+ if (frame==NULL) {
+ csound->Message(csound, Str("Memory failure\n"));
+ exit(1);
+ }
for (i=1;;i++) {
int j;
for (j=0; j<data.nAnalysisBins*2; j++) {
View Git Blame Copy Permalink