1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
Description: fixed yet another buffer read overflow in FLAC code
CVE-2017-8362
Author: Erik de Castro Lopo
Origin: upstream
Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
Last-Update: 2017-05-28
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- libsndfile.orig/src/flac.c
+++ libsndfile/src/flac.c
@@ -169,6 +169,14 @@
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;
|
