37 lines
1.5 KiB
Diff
Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
Based on an upstream commit, original commit message was: "Added sanity
checks against illegal input audio stream parameters e.g. wildly excessive
samplerate".
.
There is no reference to CVEs or bugs, the commit was made after disclosure
of the CVEs and all three proofs of concept (crafted wav files) fail after
this commit.
.
The commit was made after version 2.0.0, so that version is also vulnerable.
.
Unrelated changes were stripped away by patch author, upstream commit author
is Olli Parviainen <oparviai@iki.fi>.
Author: Gabor Karsay <gabor.karsay@gmx.at>
Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -128,7 +128,12 @@
int aSeekWindowMS, int aOverlapMS)
{
// accept only positive parameter values - if zero or negative, use old values instead
- if (aSampleRate > 0) this->sampleRate = aSampleRate;
+ if (aSampleRate > 0)
+ {
+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
+ this->sampleRate = aSampleRate;
+ }
+
if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
if (aSequenceMS > 0)
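Review bot: In the new `if (aSampleRate > 0)` block, the rejection depends entirely on `ST_THROW_RT_ERROR` leaving the function, because `this->sampleRate = aSampleRate;` follows it unconditionally. If the macro does not transfer control in some build configuration, the excessive rate is still stored. Putting the assignment in an `else` branch, or returning right after the macro, would make the check hold however the macro is defined. The 192000 ceiling is a bare literal; a named constant with a short comment on why that limit was chosen would make it easier to audit. The context comment above ("if zero or negative, use old values instead") should also say that an excessive sample rate is now an error rather than being ignored. In the visible context `aOverlapMS` is still accepted with only the `> 0` test, so it is worth confirming whether it needs an upper bound as well.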