- Apply another fix from the Debian package: CVE-2019-1010004.patch OOB read (bsc#1141667) OBS-URL: https://build.opensuse.org/request/show/1185145 OBS-URL: https://build.opensuse.org/package/show/multimedia:apps/sox?expand=0&rev=47
Description: A corrupt header specifying zero channels would send read_channels()
into an infinite loop. Prevent this by sanity checking the channel
count in open_read(). Also add an upper bound to prevent overflow
in multiplication.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881121
Author: Mans Rullgard <mans@mansr.com>
Jaromír Mikeš <mira.mikes@seznam.cz>
Forwarded: not-needed
---
src/xa.c | 6 ++++++
1 file changed, 6 insertions(+)
Index: sox/src/xa.c
===================================================================
--- sox.orig/src/xa.c
+++ sox/src/xa.c
@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft)
lsx_report("User options overriding rate read in .xa header");
}
+ if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) {
+ lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d",
+ ft->signal.channels);
+ return SOX_EOF;
+ }
+
/* Check for supported formats */
if (ft->encoding.bits_per_sample != 16) {
lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.",