Package: libsndfile / 1.2.2-4

Metadata

Package: libsndfile
Version: 1.2.2-4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix_typos.patch | (download)

programs/sndfile-convert.c | 2 1 + 1 - 0 !
src/ogg.c | 2 1 + 1 - 0 !
src/ogg_opus.c | 2 1 + 1 - 0 !
src/wavlike.c | 2 1 + 1 - 0 !
tests/misc_test.c | 2 1 + 1 - 0 !
tests/win32_test.c | 12 6 + 6 - 0 !
6 files changed, 11 insertions(+), 11 deletions(-)

 fixed spelling errors

CVE 2022 33065/CVE 2022 33065 1.patch | (download)

src/mat4.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 05/17] mat4/mat5: fix int overflow in dataend calculation

The clang sanitizer warns of a possible signed integer overflow when
calculating the `dataend` value in `mat4_read_header()`.

```
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
```

Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
`dataend`) before performing the calculation, to avoid the issue.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/789
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
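
The widening fix described in the commit message above, worked through as an added example (not code from libsndfile or from the patch). The names `count_t`, `int_product_overflows`, `dataend_widened` and `dataend_checked`, and the `dataoffset + rows * cols * bytewidth` shape of the expression, are assumptions; the operand values come from the sanitizer output. It also shows that the cast only removes the undefined behaviour: a negative dimension still yields a meaningless end offset unless the header fields are validated.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef int64_t count_t ; /* stand-in for libsndfile's 64-bit sf_count_t */

/* True when rows * cols * bytewidth does not fit in int: the condition the
** sanitizer reports. The GCC/clang builtins detect it without triggering UB. */
bool int_product_overflows (int rows, int cols, int bytewidth)
{	int tmp ;
	return __builtin_mul_overflow (rows, cols, &tmp)
		|| __builtin_mul_overflow (tmp, bytewidth, &tmp) ;
}

/* Widened form: casting the operands first makes every multiply 64-bit.
** Assumed expression shape; three very large factors can still exceed 64 bits. */
count_t dataend_widened (count_t dataoffset, int rows, int cols, int bytewidth)
{	return dataoffset + (count_t) rows * (count_t) cols * bytewidth ;
}

/* Added hardening (an assumption, not part of the patch): reject non-positive
** header fields, 64-bit overflow, and a data end past the file length.
** Returns -1 on rejection. */
count_t dataend_checked (count_t dataoffset, int rows, int cols, int bytewidth,
		count_t filelength)
{	count_t size, end ;
	if (dataoffset < 0 || rows <= 0 || cols <= 0 || bytewidth <= 0)
		return -1 ;
	if (__builtin_mul_overflow ((count_t) rows, (count_t) cols, &size)
			|| __builtin_mul_overflow (size, (count_t) bytewidth, &size)
			|| __builtin_add_overflow (dataoffset, size, &end))
		return -1 ;
	return (end > filelength) ? -1 : end ;
}

int main (void)
{	/* Operand values taken from the sanitizer output quoted above. */
	printf ("int overflows: %d, widened: %lld\n",
		int_product_overflows (205, -100663296, 1),
		(long long) dataend_widened (0, 205, -100663296, 1)) ;
	printf ("int overflows: %d, widened: %lld\n",
		int_product_overflows (838860800, 1, 4),
		(long long) dataend_widened (0, 838860800, 1, 4)) ;
	printf ("checked (negative cols): %lld\n",
		(long long) dataend_checked (0, 205, -100663296, 1, 1000)) ;
	return 0 ;
}
```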

CVE 2022 33065/CVE 2022 33065 2.patch | (download)

src/au.c | 10 6 + 4 - 0 !
1 file changed, 6 insertions(+), 4 deletions(-)

 [patch 06/17] au: avoid int overflow while calculating data_end

At several points in au_read_header(), we calculate the functional end
of the data segment by adding the (int)au_fmt.dataoffset and the
(int)au_fmt.datasize. This can overflow the implicit int_32 return value
and cause undefined behavior.

Instead, precalculate the value and assign it to a 64-bit
(sf_count_t)data_end variable.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 3.patch | (download)

src/avr.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 07/17] avr: fix int overflow in avr_read_header()

Pre-cast hdr.frames to sf_count_t, to provide the calculation with
enough numeric space to avoid an int-overflow.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 4.patch | (download)

src/sds.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 08/17] sds: fix int overflow warning in sample calculations

The sds_*byte_read() functions compose their uint_32 sample buffers by
shifting 7bit samples into a 32bit wide buffer, and adding them
together. Because the 7bit samples are stored in 32bit ints, code
fuzzers become concerned that the addition operation can overflow and
cause undefined behavior.

Instead, bitwise-OR the bytes together - which should accomplish the
same arithmetic operation, without risking an int-overflow.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

Do the same for the 3byte and 4byte read functions.

CVE 2022 33065/CVE 2022 33065 5.patch | (download)

src/aiff.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 09/17] aiff: fix int overflow when counting header elements

aiff_read_basc_chunk() tries to count the AIFF header size by keeping
track of the bytes returned by psf_binheader_readf(). Though improbable,
it is technically possible for these added bytes to exceed the int-sized
`count` accumulator.

Use a 64-bit sf_count_t type for `count`, to ensure that it always has
enough numeric space.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 6.patch | (download)

src/common.h | 2 1 + 1 - 0 !
src/ircam.c | 10 5 + 5 - 0 !
2 files changed, 6 insertions(+), 6 deletions(-)

 [patch 10/17] ircam: fix int overflow in ircam_read_header()

When reading the IRCAM header, it is possible for the calculated
blockwidth to exceed the bounds of a signed int32.

Use a 64bit sf_count_t to store the blockwidth.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 7.patch | (download)

src/mat4.c | 2 1 + 1 - 0 !
src/mat5.c | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

 [patch 11/17] mat4/mat5: fix int overflow when calculating blockwidth

Pre-cast the components of the blockwidth calculation to sf_count_t to
avoid overflowing integers during calculation.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 8.patch | (download)

src/common.c | 36 24 + 12 - 0 !
1 file changed, 24 insertions(+), 12 deletions(-)

 [patch 12/17] common: fix int overflow in psf_binheader_readf()

The psf_binheader_readf() function attempts to count and return the
number of bytes traversed in the header. During this accumulation, it is
possible to overflow the int-sized byte_count variable.

Avoid this overflow by checking that the accumulated bytes do not exceed
INT_MAX and throwing an error if they do. This implies that files with
multi-gigabyte headers threaten to produce this error, but I imagine
those files don't really exist - and this error is better than the
undefined behavior which would have resulted previously.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 9.patch | (download)

src/nms_adpcm.c | 83 41 + 42 - 0 !
1 file changed, 41 insertions(+), 42 deletions(-)

 [patch 13/17] nms_adpcm: fix int overflow in signal estimate

It is possible (though functionally incorrect) for the signal estimate
calculation in nms_adpcm_update() to overflow the int value of s_e,
resulting in undefined behavior.

Since adpcm state signal values are never practically larger than
16 bits, use smaller numeric sizes throughout the file to avoid the
overflow.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Authored-by: Arthur Taylor <art@ified.ca>
Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 10.patch | (download)

src/nms_adpcm.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 14/17] nms_adpcm: fix int overflow in sf.frames calc

When calculating sf.frames from the blocks_total PNMS variable, it is
theoretically possible to overflow the blocks_total int boundaries,
leading to undefined behavior.

Cast blocks_total to a long-sized sf_count_t before the calculation, to
provide it with enough numeric space and because that is the final
typing regardless.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 11.patch | (download)

src/pcm.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 15/17] pcm: fix int overflow in pcm_init()

Cast the int-sized bytewidth variable to a long-sized sf_count_t type
prior to calculating the blockwidth, to provide the calculation with
enough numeric space and sf_count_t is the final typing regardless.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 12.patch | (download)

src/rf64.c | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch 16/17] rf64: fix int overflow in rf64_read_header()

When checking for mismatches between the filelength and riff_size, it is
possible to overflow the temporary riff_size value used in the
comparison by adding a static offset; which is probably fine, but it is
offensive to overflow fuzzers.

Since filelength is always a positive value, simply move the offset to
the other side of the comparison operator as a negative value, to avoid
the possibility of an overflow.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

CVE 2022 33065/CVE 2022 33065 13.patch | (download)

src/ima_adpcm.c | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 [patch 17/17] ima_adpcm: fix int overflow in ima_reader_init()

When calculating sf.frames, pre-cast samplesperblock to sf_count_t, to
provide the calculation with enough numeric space to avoid overflows.

Other changes in this commit are syntactic, and only to satisfy the git
pre-commit syntax checker.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

0039 src ogg better error checking for vorbis. Fixes 1035.patch | (download)

src/ogg.c | 12 8 + 4 - 0 !
src/ogg_opus.c | 17 10 + 7 - 0 !
src/ogg_vorbis.c | 170 96 + 74 - 0 !
3 files changed, 114 insertions(+), 85 deletions(-)

 [patch 39/41] src/ogg: better error checking for vorbis. fixes #1035


0051 Update mpeg_l3_encode.c.patch | (download)

src/mpeg_l3_encode.c | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch 51/52] update mpeg_l3_encode.c

fix memoryLeak bug

0052 Update sndfile convert.c.patch | (download)

programs/sndfile-convert.c | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

 [patch 52/52] update sndfile-convert.c

fix memoryLeak in sndfile-convert.c

disable_sdlcomp_test_short_opus.patch | (download)

tests/test_wrapper.sh.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---