From 451e5cf47f3a45ebf46cad0940f07ef05324f4c5 Mon Sep 17 00:00:00 2001 From: Zach van Rijn Date: Fri, 11 Nov 2022 14:15:59 -0600 Subject: user/audiofile: multiple CVE patches. fixes #124. --- user/audiofile/CVE-2018-13440,17095.patch | 77 +++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 user/audiofile/CVE-2018-13440,17095.patch (limited to 'user/audiofile/CVE-2018-13440,17095.patch') diff --git a/user/audiofile/CVE-2018-13440,17095.patch b/user/audiofile/CVE-2018-13440,17095.patch new file mode 100644 index 000000000..b35ce980e --- /dev/null +++ b/user/audiofile/CVE-2018-13440,17095.patch @@ -0,0 +1,77 @@ +From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Thu, 27 Sep 2018 10:48:45 +0200 +Subject: [PATCH 1/3] ModuleState: handle compress/decompress init failure + +When the unit initcompress or initdecompress function fails, +m_fileModule is NULL. Return AF_FAIL in that case instead of +causing NULL pointer dereferences later. + +Fixes #49 +--- + libaudiofile/modules/ModuleState.cpp | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp +index 0c29d7a..070fd9b 100644 +--- a/libaudiofile/modules/ModuleState.cpp ++++ b/libaudiofile/modules/ModuleState.cpp +@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track) + m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok, + file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames); + ++ if (!m_fileModule) ++ return AF_FAIL; ++ + if (unit->needsRebuffer) + { + assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP); + +From 941774c8c0e79007196d7f1e7afdc97689f869b3 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Thu, 27 Sep 2018 12:09:45 +0200 +Subject: [PATCH 2/3] ALAC: set chunk frameCount to 0 on short read + +--- + libaudiofile/modules/ALAC.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libaudiofile/modules/ALAC.cpp b/libaudiofile/modules/ALAC.cpp +index 7593c11..478e2af 100644 +--- a/libaudiofile/modules/ALAC.cpp ++++ b/libaudiofile/modules/ALAC.cpp +@@ -240,6 +240,7 @@ void ALAC::runPull() + if (read(m_inChunk->buffer, bytesPerPacket) < bytesPerPacket) + { + reportReadError(0, m_track->f.framesPerPacket); ++ m_outChunk->frameCount = 0; + return; + } + + +From 822b732fd31ffcb78f6920001e9b1fbd815fa712 Mon Sep 17 00:00:00 2001 +From: Wim Taymans +Date: Thu, 27 Sep 2018 12:11:12 +0200 +Subject: [PATCH 3/3] SimpleModule: set output chunk framecount after pull + +After pulling the data, set the output chunk to the amount of +frames we pulled so that the next module in the chain has the correct +frame count. + +Fixes #50 and #51 +--- + libaudiofile/modules/SimpleModule.cpp | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/libaudiofile/modules/SimpleModule.cpp b/libaudiofile/modules/SimpleModule.cpp +index 2bae1eb..e87932c 100644 +--- a/libaudiofile/modules/SimpleModule.cpp ++++ b/libaudiofile/modules/SimpleModule.cpp +@@ -26,6 +26,7 @@ + void SimpleModule::runPull() + { + pull(m_outChunk->frameCount); ++ m_outChunk->frameCount = m_inChunk->frameCount; + run(*m_inChunk, *m_outChunk); + } + -- cgit v1.2.3-60-g2f50