Diffstat (limited to 'abs/core-testing/libsndfile/overflow.dpatch')
-rw-r--r-- | abs/core-testing/libsndfile/overflow.dpatch | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/abs/core-testing/libsndfile/overflow.dpatch b/abs/core-testing/libsndfile/overflow.dpatch
new file mode 100644
index 0000000..108b68c
--- /dev/null
+++ b/abs/core-testing/libsndfile/overflow.dpatch
@@ -0,0 +1,46 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## overflow.dpatch by Samuel Mimram <smimram@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix a buffer overflow (CVE-2007-4974). See #443386.
+
+@DPATCH@
+diff -urNad libsndfile-1.0.17~/src/flac.c libsndfile-1.0.17/src/flac.c
+--- libsndfile-1.0.17~/src/flac.c 2007-09-20 23:38:16.000000000 +0000
++++ libsndfile-1.0.17/src/flac.c 2007-09-20 23:38:16.000000000 +0000
+@@ -57,7 +57,7 @@
+ ** Private static functions.
+ */
+
+-#define ENC_BUFFER_SIZE 4096
++#define ENC_BUFFER_SIZE 8192
+
+ typedef enum
+ { PFLAC_PCM_SHORT = 0,
+@@ -202,6 +202,17 @@
+ const FLAC__int32* const *buffer = pflac->wbuffer ;
+ unsigned i = 0, j, offset ;
+
++ /*
++ ** frame->header.blocksize is variable and we're using a constant blocksize
++ ** of FLAC__MAX_BLOCK_SIZE.
++ ** Check our assumptions here.
++ */
++ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
++ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
++ psf->error = SFE_INTERNAL ;
++ return 0 ;
++ } ;
++
+ if (pflac->ptr == NULL)
+ { /*
+ ** Not sure why this code is here and not elsewhere.
+@@ -210,7 +221,7 @@
+ pflac->bufferbackup = SF_TRUE ;
+ for (i = 0 ; i < frame->header.channels ; i++)
+ { if (pflac->rbuffer [i] == NULL)
+- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
++ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
+ memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
+ } ;
+ pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ; |
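Review bot: The log call in the added blocksize guard (embedded flac.c hunk `@@ -202,6 +202,17 @@`) passes four arguments, `__func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE`, to a format string with only two `%d` conversions, so the message would report the function-name pointer and the line number instead of the two sizes. psf_log_printf is not shown here; assuming it consumes varargs the way printf does, reading a `const char *` as an int is also undefined. Either drop the two extra arguments, `psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;`, or add matching conversions for them. The rejection itself (`psf->error = SFE_INTERNAL ; return 0 ;`) is unaffected, but an accurate blocksize in the log is what someone triaging a malformed FLAC file will need. The enclosing function begins and ends outside the embedded hunk.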