Takashi Iwai
9a28758160
- security update
- added patches
  fix CVE-2021-44269 [bsc#1197020], out of bounds read in processing .wav file
  + wavpack-CVE-2021-44269.patch
OBS-URL: https://build.opensuse.org/request/show/962129
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/wavpack?expand=0&rev=34
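diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index d7adb6a..5bdcae3 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
 }
 
 total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
 break;
 }
 else { // just copy unknown chunks to output file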
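Review bot: The new range check in ParseDsdiffHeaderConfig compares `total_samples` with an unscaled `MAX_WAVPACK_SAMPLES`, while the matching check added to cli/dsf.c uses `MAX_WAVPACK_SAMPLES * 8`, and nothing in the hunk says why the two limits differ. A one-line comment above the `if`, for example `// total_samples is counted in bytes per channel here, so the limit is not scaled by 8`, would keep the two parsers from drifting apart; the units are inferred from the division and should be confirmed against the declarations, which are outside the hunk. The quotient is also computed before any validation visible here, so a `ckDataSize` that is not a multiple of `config->num_channels` is silently rounded down. Any guard against `config->num_channels == 0` would have to sit in the block that closes just above the hunk, which is worth confirming. The function body starts and ends outside the hunk.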
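diff --git a/cli/dsf.c b/cli/dsf.c
index e1d7973..dddd488 100644
--- a/cli/dsf.c
+++ b/cli/dsf.c
@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
 
 if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
 format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
 (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
 format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
 format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {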
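Review bot: The added term `format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8` carries an unexplained factor and depends on two declarations that are not visible in this hunk. The `<= 0` half rejects negative counts only if `sampleCount` is a signed field, and the product stays in range only if `MAX_WAVPACK_SAMPLES` is a 64-bit constant; both should be confirmed in the headers. A short comment above the condition, such as `// sampleCount is in 1-bit samples per channel, hence the * 8 on the limit`, would document the scaling, with the unit itself checked against the DSF format chunk definition. The term validates `sampleCount` in isolation; whether it is later cross-checked against the size of the data chunk cannot be seen from here and is worth verifying. The body of the `if` is outside the hunk.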