Package: audiofile / 0.3.6-5

Metadata

Package: audiofile
Version: 0.3.6-5
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
01_gcc6.patch

libaudiofile/modules/SimpleModule.h | 2 1 + 1 - 0 !
test/FloatToInt.cpp | 2 1 + 1 - 0 !
test/IntToFloat.cpp | 2 1 + 1 - 0 !
test/NeXT.cpp | 14 7 + 7 - 0 !
test/Sign.cpp | 2 1 + 1 - 0 !
5 files changed, 11 insertions(+), 11 deletions(-)

 Fix FTBFS with GCC 6

02_hurd.patch

test/TestUtilities.cpp | 16 8 + 8 - 0 !
test/TestUtilities.h | 2 1 + 1 - 0 !
test/floatto24.c | 5 3 + 2 - 0 !
test/sixteen-to-eight.c | 5 3 + 2 - 0 !
test/testchannelmatrix.c | 10 7 + 3 - 0 !
test/testdouble.c | 10 7 + 3 - 0 !
test/testfloat.c | 10 7 + 3 - 0 !
test/testmarkers.c | 10 7 + 3 - 0 !
test/twentyfour.c | 5 3 + 2 - 0 !
test/twentyfour2.c | 10 7 + 3 - 0 !
test/writealaw.c | 10 7 + 3 - 0 !
test/writeraw.c | 10 7 + 3 - 0 !
test/writeulaw.c | 10 7 + 3 - 0 !
13 files changed, 74 insertions(+), 39 deletions(-)

 Remove usage of PATH_MAX in tests to fix FTBFS on Hurd.
 jcowgill: Removed Changelog changes

03_CVE 2015 7747.patch

libaudiofile/modules/ModuleState.cpp | 2 1 + 1 - 0 !
test/Makefile.am | 2 2 + 0 - 0 !
test/sixteen-stereo-to-eight-mono.c | 118 118 + 0 - 0 !
3 files changed, 121 insertions(+), 1 deletion(-)

 Fix buffer overflow when changing both sample format and number of channels

04_clamp index values to fix index overflow in IMA.cpp.patch

libaudiofile/modules/IMA.cpp | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 Clamp index values to fix index overflow in IMA.cpp

This fixes #33
(also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026981
and https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/)

05_Always check the number of coefficients.patch

libaudiofile/WAVE.cpp | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 Always check the number of coefficients

When building the library with NDEBUG, asserts are eliminated
so it's better to always check that the number of coefficients
is inside the array range.

This fixes the 00191-audiofile-indexoob issue in #41

06_Check for multiplication overflow in MSADPCM decodeSam.patch

libaudiofile/modules/BlockCodec.cpp | 5 3 + 2 - 0 !
libaudiofile/modules/MSADPCM.cpp | 47 43 + 4 - 0 !
2 files changed, 46 insertions(+), 6 deletions(-)

 Check for multiplication overflow in MSADPCM decodeSample

Check for multiplication overflow (using __builtin_mul_overflow
if available) in MSADPCM.cpp decodeSample and return an empty
decoded block if an error occurs.

This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41

07_Check for multiplication overflow in sfconvert.patch

sfcommands/sfconvert.c | 34 32 + 2 - 0 !
1 file changed, 32 insertions(+), 2 deletions(-)

 Check for multiplication overflow in sfconvert

Checks that a multiplication doesn't overflow when
calculating the buffer size, and if it overflows,
reduce the buffer size instead of failing.

This fixes the 00192-audiofile-signintoverflow-sfconvert case
in #41

08_Fix signature of multiplyCheckOverflow. It returns a b.patch

libaudiofile/modules/MSADPCM.cpp | 2 1 + 1 - 0 !
sfcommands/sfconvert.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 Fix signature of multiplyCheckOverflow. It returns a bool, not an int

09_Actually fail when error occurs in parseFormat.patch

libaudiofile/WAVE.cpp | 2 2 + 0 - 0 !
1 file changed, 2 insertions(+)

 Actually fail when error occurs in parseFormat

When there's an unsupported number of bits per sample or an invalid
number of samples per block, don't only print an error message using
the error handler, but actually stop parsing the file.

This fixes #35 (also reported at
https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
)

10_Check for division by zero in BlockCodec runPull.patch

libaudiofile/modules/BlockCodec.cpp | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 Check for division by zero in BlockCodec::runPull

11_CVE 2018 13440.patch

libaudiofile/modules/ModuleState.cpp | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 [PATCH] ModuleState: handle compress/decompress init failure

When the unit initcompress or initdecompress function fails,
m_fileModule is NULL. Return AF_FAIL in that case instead of
causing NULL pointer dereferences later.

Fixes #49

12_CVE 2018 17095.patch

libaudiofile/modules/SimpleModule.cpp | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 [PATCH] SimpleModule: set output chunk framecount after pull

After pulling the data, set the output chunk to the amount of
frames we pulled so that the next module in the chain has the correct
frame count.

Fixes #50 and #51