[jackhill/guix/guix.git] / gnu / packages / patches / wavpack-CVE-2018-7253.patch

Fix CVE-2018-7253:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253

Copied from upstream:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec

diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 410dc1c..c016df9 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
                 error_line ("dsdiff file version = 0x%08x", version);
         }
         else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
-            char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
+            char *prop_chunk;
+
+            if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+            if (debug_logging_mode)
+                error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
+
+            prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
 
             if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
                 bcount != dff_chunk_header.ckDataSize) {
Commit	Line	Data
65f704f3 MB	1	Fix CVE-2018-7253:
	2	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253
	3
	4	Copied from upstream:
	5	https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
	6
	7	diff --git a/cli/dsdiff.c b/cli/dsdiff.c
	8	index 410dc1c..c016df9 100644
	9	--- a/cli/dsdiff.c
	10	+++ b/cli/dsdiff.c
	11	@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE infile, char infilename, char *fourcc, Wavpa
	12	error_line ("dsdiff file version = 0x%08x", version);
	13	}
	14	else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
	15	- char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
	16	+ char *prop_chunk;
	17	+
	18	+ if (dff_chunk_header.ckDataSize < 4 \|\| dff_chunk_header.ckDataSize > 1024) {
	19	+ error_line ("%s is not a valid .DFF file!", infilename);
	20	+ return WAVPACK_SOFT_ERROR;
	21	+ }
	22	+
	23	+ if (debug_logging_mode)
	24	+ error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
	25	+
	26	+ prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
	27
	28	if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) \|\|
	29	bcount != dff_chunk_header.ckDataSize) {