|
 |
094c2a |
commit 3915cf88c0cf2cf9806d7323071c9b856b6dc52b
|
|
|
094c2a |
Author: Tomas Korbar <tkorbar@redhat.com>
|
|
|
094c2a |
Date: Tue May 17 18:11:33 2022 +0200
|
|
|
094c2a |
|
|
|
094c2a |
Fix CVE-2021-44269
|
|
|
094c2a |
|
|
|
094c2a |
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
|
|
|
094c2a |
index 62d8a0c..fa69e32 100644
|
|
|
094c2a |
--- a/cli/dsdiff.c
|
|
|
094c2a |
+++ b/cli/dsdiff.c
|
|
|
094c2a |
@@ -284,6 +284,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
|
|
|
094c2a |
return WAVPACK_SOFT_ERROR;
|
|
|
094c2a |
}
|
|
|
094c2a |
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
|
|
|
094c2a |
+
|
|
|
094c2a |
+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
|
|
|
094c2a |
+ error_line ("%s is not a valid .DFF file!", infilename);
|
|
|
094c2a |
+ return WAVPACK_SOFT_ERROR;
|
|
|
094c2a |
+ }
|
|
|
094c2a |
+
|
|
|
094c2a |
break;
|
|
|
094c2a |
}
|
|
|
094c2a |
else { // just copy unknown chunks to output file
|
|
|
094c2a |
diff --git a/cli/dsf.c b/cli/dsf.c
|
|
|
094c2a |
index cd82ae9..fd6b2a5 100644
|
|
|
094c2a |
--- a/cli/dsf.c
|
|
|
094c2a |
+++ b/cli/dsf.c
|
|
|
094c2a |
@@ -121,6 +121,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
|
|
|
094c2a |
|
|
|
094c2a |
if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
|
|
|
094c2a |
format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
|
|
|
094c2a |
+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
|
|
|
094c2a |
(format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
|
|
|
094c2a |
format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
|
|
|
094c2a |
error_line ("%s is not a valid .DSF file!", infilename);
|