5c9590b543
- reformat whitespace in audioop.c (patch 106) - CVE-2010-1634: fix various integer overflow checks in the audioop module (patch 107) - CVE-2010-2089: further checks within the audioop module (patch 108) - CVE-2008-5983: the new PySys_SetArgvEx entry point from r81399 (patch 109)
314 lines
10 KiB
Diff
314 lines
10 KiB
Diff
diff -up Python-3.1.2/Modules/audioop.c.CVE-2010-2089 Python-3.1.2/Modules/audioop.c
|
|
--- Python-3.1.2/Modules/audioop.c.CVE-2010-2089 2010-06-04 14:55:04.281964205 -0400
|
|
+++ Python-3.1.2/Modules/audioop.c 2010-06-04 15:04:32.896088959 -0400
|
|
@@ -295,6 +295,29 @@ static int stepsizeTable[89] = {
|
|
|
|
static PyObject *AudioopError;
|
|
|
|
+static int
|
|
+audioop_check_size(int size)
|
|
+{
|
|
+ if ( size != 1 && size != 2 && size != 4 ) {
|
|
+ PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
+ return 0;
|
|
+ } else {
|
|
+ return 1;
|
|
+ }
|
|
+}
|
|
+
|
|
+static int
|
|
+audioop_check_parameters(int len, int size)
|
|
+{
|
|
+ if (!audioop_check_size(size))
|
|
+ return 0;
|
|
+ if ( len % size != 0 ) {
|
|
+ PyErr_SetString(AudioopError, "not a whole number of frames");
|
|
+ return 0;
|
|
+ }
|
|
+ return 1;
|
|
+}
|
|
+
|
|
static PyObject *
|
|
audioop_getsample(PyObject *self, PyObject *args)
|
|
{
|
|
@@ -304,10 +327,8 @@ audioop_getsample(PyObject *self, PyObje
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#ii:getsample", &cp, &len, &size, &i) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
if ( i < 0 || i >= len/size ) {
|
|
PyErr_SetString(AudioopError, "Index out of range");
|
|
return 0;
|
|
@@ -328,10 +349,8 @@ audioop_max(PyObject *self, PyObject *ar
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#i:max", &cp, &len, &size) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
for ( i=0; i<len; i+= size) {
|
|
if ( size == 1 ) val = (int)*CHARP(cp, i);
|
|
else if ( size == 2 ) val = (int)*SHORTP(cp, i);
|
|
@@ -352,10 +371,8 @@ audioop_minmax(PyObject *self, PyObject
|
|
|
|
if (!PyArg_ParseTuple(args, "s#i:minmax", &cp, &len, &size))
|
|
return NULL;
|
|
- if (size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
+ if (!audioop_check_parameters(len, size))
|
|
return NULL;
|
|
- }
|
|
for (i = 0; i < len; i += size) {
|
|
if (size == 1) val = (int) *CHARP(cp, i);
|
|
else if (size == 2) val = (int) *SHORTP(cp, i);
|
|
@@ -376,10 +393,8 @@ audioop_avg(PyObject *self, PyObject *ar
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#i:avg", &cp, &len, &size) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
for ( i=0; i<len; i+= size) {
|
|
if ( size == 1 ) val = (int)*CHARP(cp, i);
|
|
else if ( size == 2 ) val = (int)*SHORTP(cp, i);
|
|
@@ -403,10 +418,8 @@ audioop_rms(PyObject *self, PyObject *ar
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#i:rms", &cp, &len, &size) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
for ( i=0; i<len; i+= size) {
|
|
if ( size == 1 ) val = (int)*CHARP(cp, i);
|
|
else if ( size == 2 ) val = (int)*SHORTP(cp, i);
|
|
@@ -614,10 +627,8 @@ audioop_avgpp(PyObject *self, PyObject *
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#i:avgpp", &cp, &len, &size) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
/* Compute first delta value ahead. Also automatically makes us
|
|
** skip the first extreme value
|
|
*/
|
|
@@ -671,10 +682,8 @@ audioop_maxpp(PyObject *self, PyObject *
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#i:maxpp", &cp, &len, &size) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
/* Compute first delta value ahead. Also automatically makes us
|
|
** skip the first extreme value
|
|
*/
|
|
@@ -722,10 +731,8 @@ audioop_cross(PyObject *self, PyObject *
|
|
|
|
if ( !PyArg_ParseTuple(args, "s#i:cross", &cp, &len, &size) )
|
|
return 0;
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
ncross = -1;
|
|
prevval = 17; /* Anything <> 0,1 */
|
|
for ( i=0; i<len; i+= size) {
|
|
@@ -751,6 +758,9 @@ audioop_mul(PyObject *self, PyObject *ar
|
|
if ( !PyArg_ParseTuple(args, "s#id:mul", &cp, &len, &size, &factor ) )
|
|
return 0;
|
|
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
+
|
|
if ( size == 1 ) maxval = (double) 0x7f;
|
|
else if ( size == 2 ) maxval = (double) 0x7fff;
|
|
else if ( size == 4 ) maxval = (double) 0x7fffffff;
|
|
@@ -793,6 +803,14 @@ audioop_tomono(PyObject *self, PyObject
|
|
if ( !PyArg_ParseTuple(args, "s*idd:tomono",
|
|
&pcp, &size, &fac1, &fac2 ) )
|
|
return 0;
|
|
+
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
+ if ( ((len / size) & 1) != 0 ) {
|
|
+ PyErr_SetString(AudioopError, "not a whole number of frames");
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
cp = pcp.buf;
|
|
len = pcp.len;
|
|
|
|
@@ -843,6 +861,9 @@ audioop_tostereo(PyObject *self, PyObjec
|
|
&cp, &len, &size, &fac1, &fac2 ) )
|
|
return 0;
|
|
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
+
|
|
if ( size == 1 ) maxval = (double) 0x7f;
|
|
else if ( size == 2 ) maxval = (double) 0x7fff;
|
|
else if ( size == 4 ) maxval = (double) 0x7fffffff;
|
|
@@ -901,6 +922,9 @@ audioop_add(PyObject *self, PyObject *ar
|
|
&cp1, &len1, &cp2, &len2, &size ) )
|
|
return 0;
|
|
|
|
+ if (!audioop_check_parameters(len1, size))
|
|
+ return NULL;
|
|
+
|
|
if ( len1 != len2 ) {
|
|
PyErr_SetString(AudioopError, "Lengths should be the same");
|
|
return 0;
|
|
@@ -955,10 +979,8 @@ audioop_bias(PyObject *self, PyObject *a
|
|
&cp, &len, &size , &bias) )
|
|
return 0;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
|
|
rv = PyBytes_FromStringAndSize(NULL, len);
|
|
if ( rv == 0 )
|
|
@@ -991,10 +1013,8 @@ audioop_reverse(PyObject *self, PyObject
|
|
&cp, &len, &size) )
|
|
return 0;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4 ) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
|
|
rv = PyBytes_FromStringAndSize(NULL, len);
|
|
if ( rv == 0 )
|
|
@@ -1028,11 +1048,10 @@ audioop_lin2lin(PyObject *self, PyObject
|
|
&cp, &len, &size, &size2) )
|
|
return 0;
|
|
|
|
- if ( (size != 1 && size != 2 && size != 4) ||
|
|
- (size2 != 1 && size2 != 2 && size2 != 4)) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
+ if (!audioop_check_size(size2))
|
|
+ return NULL;
|
|
|
|
if (len/size > INT_MAX/size2) {
|
|
PyErr_SetString(PyExc_MemoryError,
|
|
@@ -1082,10 +1101,8 @@ audioop_ratecv(PyObject *self, PyObject
|
|
&nchannels, &inrate, &outrate, &state,
|
|
&weightA, &weightB))
|
|
return NULL;
|
|
- if (size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
+ if (!audioop_check_size(size))
|
|
return NULL;
|
|
- }
|
|
if (nchannels < 1) {
|
|
PyErr_SetString(AudioopError, "# of channels should be >= 1");
|
|
return NULL;
|
|
@@ -1261,10 +1278,8 @@ audioop_lin2ulaw(PyObject *self, PyObjec
|
|
&cp, &len, &size) )
|
|
return 0 ;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
|
|
rv = PyBytes_FromStringAndSize(NULL, len/size);
|
|
if ( rv == 0 )
|
|
@@ -1295,10 +1310,8 @@ audioop_ulaw2lin(PyObject *self, PyObjec
|
|
&cp, &len, &size) )
|
|
return 0;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_size(size))
|
|
+ return NULL;
|
|
|
|
if (len > INT_MAX/size) {
|
|
PyErr_SetString(PyExc_MemoryError,
|
|
@@ -1334,10 +1347,8 @@ audioop_lin2alaw(PyObject *self, PyObjec
|
|
&cp, &len, &size) )
|
|
return 0;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
|
|
rv = PyBytes_FromStringAndSize(NULL, len/size);
|
|
if ( rv == 0 )
|
|
@@ -1368,10 +1379,8 @@ audioop_alaw2lin(PyObject *self, PyObjec
|
|
&cp, &len, &size) )
|
|
return 0;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_size(size))
|
|
+ return NULL;
|
|
|
|
if (len > INT_MAX/size) {
|
|
PyErr_SetString(PyExc_MemoryError,
|
|
@@ -1409,10 +1418,8 @@ audioop_lin2adpcm(PyObject *self, PyObje
|
|
return 0;
|
|
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_parameters(len, size))
|
|
+ return NULL;
|
|
|
|
str = PyBytes_FromStringAndSize(NULL, len/(size*2));
|
|
if ( str == 0 )
|
|
@@ -1516,10 +1523,8 @@ audioop_adpcm2lin(PyObject *self, PyObje
|
|
&cp, &len, &size, &state) )
|
|
return 0;
|
|
|
|
- if ( size != 1 && size != 2 && size != 4) {
|
|
- PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
|
|
- return 0;
|
|
- }
|
|
+ if (!audioop_check_size(size))
|
|
+ return NULL;
|
|
|
|
/* Decode state, should have (value, step) */
|
|
if ( state == Py_None ) {
|