gnu/packages/patches/mpg321-CVE-2019-14247.patch

   1 This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and
   2 fixes CVE-2019-14247.
   3
   4 Description: Handle illegal bitrate value
   5 Author: Chrysostomos Nanakos <cnanakos@debian.org>
   6 Bug-Debian: https://bugs.debian.org/870406
   7 Bug-Debian: https://bugs.debian.org/887057
   8
   9 --- mpg321-0.3.2.orig/mad.c
  10 +++ mpg321-0.3.2/mad.c
  11 @@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
  12
  13      if (!is_vbr)
  14      {
  15 +       if (header.bitrate <= 0)
  16 +        {
  17 +            fprintf(stderr, "Illegal bit allocation value\n");
  18 +            return;
  19 +        }
  20 +
  21          double time = (len * 8.0) / (header.bitrate); /* time in seconds */
  22          double timefrac = (double)time - ((long)(time));
  23          long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */