Package: libsndfile / 1.0.28-6

CVE-2019-3832.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
Date: Tue, 5 Mar 2019 11:27 +0100
Subject: Fix for CVE-2019-3832

Origin: https://github.com/erikd/libsndfile/pull/460
Applied-Upstream: https://github.com/erikd/libsndfile/commit/7408c4c788ce047d4e652b60a04e7796bcd7267e
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- libsndfile.orig/src/wav.c
+++ libsndfile/src/wav.c
@@ -1094,6 +1094,10 @@
 		psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
 		psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
 
+		/* Make sure we don't read past the loops array end. */
+		if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
+			psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
+
 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
 		{	int type ;