1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
From: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Date: Sat, 11 Nov 2023 18:18:40 +0100
Subject: CVE-2019-8355
---
src/Makefile.am | 2 +-
src/xmalloc.c | 10 ++++++++++
src/xmalloc.h | 6 ++++--
3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/src/Makefile.am b/src/Makefile.am
index a3a04ed..c76c812 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -95,7 +95,7 @@ libsox_la_LIBADD += @GOMP_LIBS@
libsox_la_CFLAGS = @WARN_CFLAGS@
libsox_la_LDFLAGS = @APP_LDFLAGS@ -version-info @SHLIB_VERSION@ \
- -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|id3_read_tag|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$'
+ -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc.*|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$'
if HAVE_WIN32_LTDL
libsox_la_SOURCES += win32-ltdl.c win32-ltdl.h
diff --git a/src/xmalloc.c b/src/xmalloc.c
index 9bf1596..5ca7cdd 100644
--- a/src/xmalloc.c
+++ b/src/xmalloc.c
@@ -41,3 +41,13 @@ void *lsx_realloc(void *ptr, size_t newsize)
return ptr;
}
+
+void *lsx_realloc_array(void *p, size_t n, size_t size)
+{
+ if (n > (size_t)-1 / size) {
+ lsx_fail("malloc size overflow");
+ exit(2);
+ }
+
+ return lsx_realloc(p, n * size);
+}
diff --git a/src/xmalloc.h b/src/xmalloc.h
index 9ee77f6..b2e4619 100644
--- a/src/xmalloc.h
+++ b/src/xmalloc.h
@@ -23,12 +23,14 @@
#include <stddef.h>
#include <string.h>
+LSX_RETURN_VALID void *lsx_realloc_array(void *p, size_t n, size_t size);
+
#define lsx_malloc(size) lsx_realloc(NULL, (size))
#define lsx_calloc(n,s) (((n)*(s))? memset(lsx_malloc((n)*(s)),0,(n)*(s)) : NULL)
#define lsx_Calloc(v,n) v = lsx_calloc(n,sizeof(*(v)))
#define lsx_strdup(p) ((p)? strcpy((char *)lsx_malloc(strlen(p) + 1), p) : NULL)
#define lsx_memdup(p,s) ((p)? memcpy(lsx_malloc(s), p, s) : NULL)
-#define lsx_valloc(v,n) v = lsx_malloc((n)*sizeof(*(v)))
-#define lsx_revalloc(v,n) v = lsx_realloc(v, (n)*sizeof(*(v)))
+#define lsx_valloc(v,n) v = lsx_realloc_array(NULL, n, sizeof(*(v)))
+#define lsx_revalloc(v,n) v = lsx_realloc_array(v, n, sizeof(*(v)))
#endif
|
