me/guix
Archived
1
0
Fork 0
Code Activity
This repository has been archived on 2024-08-07. You can view files and clone it, but cannot push or open issues or pull requests.
guix/gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch
Hartmut Goebel a8e149434e
gnu: Add audiofile. 
Patches should fix all CVEs reported by `guix lint`:
CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829,
CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833,
CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837,
CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095

Since the patches do not reference to CVEs, it's a bit hard to tell which
patch actually closes which CVE.  Debian reports all these to be closed by
the patches below and NixPkgs provides references.

* gnu/packages/audio.scm (audiofile): New variable.
* gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch,
  gnu/packages/patches/audiofile-fix-sign-conversion.patch,
  gnu/packages/patches/audiofile-CVE-2015-7747.patch,
  gnu/packages/patches/audiofile-CVE-2018-13440.patch,
  gnu/packages/patches/audiofile-CVE-2018-17095.patch,
  gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch,
  gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch,
  gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch,
  gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch,
  gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch,
  gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch,
  gnu/packages/patches/audiofile-hurd.patch,
  gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch:
  New files.
* gnu/local.mk: Add them.
2019-12-26 16:44:53 +01:00

36 lines
1.2 KiB
Diff
Raw Blame History

From: Antonio Larrosa <larrosa@kde.org>
Date: Mon, 6 Mar 2017 18:59:26 +0100
Subject: Actually fail when error occurs in parseFormat
When there's an unsupported number of bits per sample or an invalid
number of samples per block, don't only print an error message using
the error handler, but actually stop parsing the file.
This fixes #35 (also reported at
https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
)
---
libaudiofile/WAVE.cpp | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
index 0fc48e8..d04b796 100644
--- a/libaudiofile/WAVE.cpp
+++ b/libaudiofile/WAVE.cpp
@@ -332,6 +332,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
{
_af_error(AF_BAD_NOT_IMPLEMENTED,
"IMA ADPCM compression supports only 4 bits per sample");
+ return AF_FAIL;
}
int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount;
@@ -339,6 +340,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
{
_af_error(AF_BAD_CODEC_CONFIG,
"Invalid samples per block for IMA ADPCM compression");
+ return AF_FAIL;
}
track->f.sampleWidth = 16;
View git blame Copy permalink