summaryrefslogtreecommitdiff
path: root/user/audiofile/CVE-2017-6827,6828,6832,6833,6835,6837.patch
diff options
context:
space:
mode:
Diffstat (limited to 'user/audiofile/CVE-2017-6827,6828,6832,6833,6835,6837.patch')
-rw-r--r--user/audiofile/CVE-2017-6827,6828,6832,6833,6835,6837.patch34
1 files changed, 34 insertions, 0 deletions
diff --git a/user/audiofile/CVE-2017-6827,6828,6832,6833,6835,6837.patch b/user/audiofile/CVE-2017-6827,6828,6832,6833,6835,6837.patch
new file mode 100644
index 000000000..0465a1f59
--- /dev/null
+++ b/user/audiofile/CVE-2017-6827,6828,6832,6833,6835,6837.patch
@@ -0,0 +1,34 @@
+From c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 12:51:22 +0100
+Subject: [PATCH 1/3] Always check the number of coefficients
+
+When building the library with NDEBUG, asserts are eliminated
+so it's better to always check that the number of coefficients
+is inside the array range.
+
+This fixes the 00191-audiofile-indexoob issue in #41
+---
+ libaudiofile/WAVE.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0e81cf7..61f9541 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -281,6 +281,12 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+
+ /* numCoefficients should be at least 7. */
+ assert(numCoefficients >= 7 && numCoefficients <= 255);
++ if (numCoefficients < 7 || numCoefficients > 255)
++ {
++ _af_error(AF_BAD_HEADER,
++ "Bad number of coefficients");
++ return AF_FAIL;
++ }
+
+ m_msadpcmNumCoefficients = numCoefficients;
+
+--
+2.36.1
+