Package: libsndfile / 1.0.28-6

src-wav.c-Fix-heap-read-overflow.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 1 Jan 2019 20:11:46 +1100
Subject: src/wav.c: Fix heap read overflow

This is CVE-2018-19758.

Closes: https://github.com/erikd/libsndfile/issues/435
---
 src/wav.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

--- libsndfile.orig/src/wav.c
+++ libsndfile/src/wav.c
@@ -1,5 +1,5 @@
 /*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2019 Erik de Castro Lopo <erikd@mega-nerd.com>
 ** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
 **
 ** This program is free software; you can redistribute it and/or modify
@@ -1098,6 +1098,8 @@
 		if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
 			psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
 
+		/* Loop count is signed 16 bit number so we limit it range to something sensible. */
+		psf->instrument->loop_count &= 0x7fff ;
 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
 		{	int type ;