Blame SOURCES/wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch

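diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 410dc1c..a592fdc 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -170,8 +170,8 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
 
             if (!strncmp (prop_chunk, "SND ", 4)) {
                 char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
-                uint16_t numChannels, chansSpecified, chanMask = 0;
-                uint32_t sampleRate;
+                uint16_t numChannels = 0, chansSpecified, chanMask = 0;
+                uint32_t sampleRate = 0;
 
                 while (eptr - cptr >= sizeof (dff_chunk_header)) {
                     memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
@@ -194,6 +194,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
 
                             chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4;
 
+                            if (numChannels < chansSpecified || numChannels < 1 || numChannels > 256) {
+                                error_line ("%s is not a valid .DFF file!", infilename);
+                                free (prop_chunk);
+                                return WAVPACK_SOFT_ERROR;
+                            }
+
                             while (chansSpecified--) {
                                 if (!strncmp (cptr, "SLFT", 4) || !strncmp (cptr, "MLFT", 4))
                                     chanMask |= 0x1;
@@ -263,6 +269,10 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
             free (prop_chunk);
         }
         else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
+            if (!config->num_channels || !config->sample_rate) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
             break;
         }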
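Review bot: In the first hunk the loop guard `while (eptr - cptr >= sizeof (dff_chunk_header))` compares a signed pointer difference with a `size_t`, and the commit leaves it as is. If `dff_chunk_header.ckDataSize` is below 4, `eptr` starts before `cptr`, the negative difference converts to a very large unsigned value, and the following `memcpy` reads past `prop_chunk`. Whether `ckDataSize` is range-checked before this branch is not visible in the hunk; if it is not, the guard should be `while (eptr > cptr && (size_t)(eptr - cptr) >= sizeof (dff_chunk_header))`. The body of `ParseDsdiffHeaderConfig` starts and ends outside the hunks shown.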