rpms/wavpack
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2021-44269

Browse Source 
Signed-off-by: Peter Lemenkov <lemenkov@gmail.com>
This commit is contained in:
Peter Lemenkov 2022-04-06 22:27:07 +02:00
parent 65c9683474
commit 89b10b6537
2 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch Normal file
View File

@ -0,0 +1,34 @@
From: David Bryant <david@wavpack.com>
Date: Tue, 23 Nov 2021 13:14:35 -0800
Subject: [PATCH] issue #110: sanitize DSD file types for invalid lengths
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index d7adb6a..5bdcae3 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
}
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
break;
}
else { // just copy unknown chunks to output file
diff --git a/cli/dsf.c b/cli/dsf.c
index e1d7973..dddd488 100644
--- a/cli/dsf.c
+++ b/cli/dsf.c
@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
(format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {

8
wavpack.spec
View File

@ -1,15 +1,16 @@
Name: wavpack
Summary: A completely open audiocodec
Version: 5.4.0
Release: 4%{?dist}
Release: 5%{?dist}
License: BSD
Url: http://www.wavpack.com/
Source: http://www.wavpack.com/%{name}-%{version}.tar.bz2
Patch1: wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
# For autoreconf
BuildRequires: make
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: make
%description
WavPack is a completely open audio compression format providing lossless,
@ -66,6 +67,9 @@ rm -f %{buildroot}/%{_libdir}/*.la
%doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf
%changelog
* Wed Apr 6 2022 Peter Lemenkov <lemenkov@gmail.com> - 5.4.0-5
- Fix for CVE-2021-44269
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild