[jackhill/guix/guix.git] / gnu / packages / patches / mpg321-CVE-2019-14247.patch

This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and
fixes CVE-2019-14247.

Description: Handle illegal bitrate value
Author: Chrysostomos Nanakos <cnanakos@debian.org>
Bug-Debian: https://bugs.debian.org/870406
Bug-Debian: https://bugs.debian.org/887057

--- mpg321-0.3.2.orig/mad.c
+++ mpg321-0.3.2/mad.c
@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
 
     if (!is_vbr)
     {
+	if (header.bitrate <= 0)                                                
+        {                                                                       
+            fprintf(stderr, "Illegal bit allocation value\n");                                                                              
+            return;                                                             
+        }    
+
         double time = (len * 8.0) / (header.bitrate); /* time in seconds */
         double timefrac = (double)time - ((long)(time));
         long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */
Commit	Line	Data
109f5844 KK	1	This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and
	2	fixes CVE-2019-14247.
	3
	4	Description: Handle illegal bitrate value
	5	Author: Chrysostomos Nanakos <cnanakos@debian.org>
	6	Bug-Debian: https://bugs.debian.org/870406
	7	Bug-Debian: https://bugs.debian.org/887057
	8
	9	--- mpg321-0.3.2.orig/mad.c
	10	+++ mpg321-0.3.2/mad.c
	11	@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
	12
	13	if (!is_vbr)
	14	{
	15	+ if (header.bitrate <= 0)
	16	+ {
	17	+ fprintf(stderr, "Illegal bit allocation value\n");
	18	+ return;
	19	+ }
	20	+
	21	double time = (len * 8.0) / (header.bitrate); /* time in seconds */
	22	double timefrac = (double)time - ((long)(time));
	23	long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */