From 89b10b65375f51fac19451c440d7f8d735c72ef0 Mon Sep 17 00:00:00 2001
From: Peter Lemenkov
Date: Wed, 6 Apr 2022 22:27:07 +0200
Subject: [PATCH] Fix CVE-2021-44269
Signed-off-by: Peter Lemenkov
---
...ze-DSD-file-types-for-invalid-length.patch | 34 +++++++++++++++++++
wavpack.spec | 8 +++--
2 files changed, 40 insertions(+), 2 deletions(-)
create mode 100644 wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
diff --git a/wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch b/wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
new file mode 100644
index 0000000..9cbeb77
--- /dev/null
+++ b/wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch
@@ -0,0 +1,34 @@
+From: David Bryant
+Date: Tue, 23 Nov 2021 13:14:35 -0800
+Subject: [PATCH] issue #110: sanitize DSD file types for invalid lengths
+
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index d7adb6a..5bdcae3 100644
+--- a/cli/dsdiff.c
++++ b/cli/dsdiff.c
+@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+ }
+
+ total_samples = dff_chunk_header.ckDataSize / config->num_channels;
++
++ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
++ error_line ("%s is not a valid .DFF file!", infilename);
++ return WAVPACK_SOFT_ERROR;
++ }
++
+ break;
+ }
+ else { // just copy unknown chunks to output file
+diff --git a/cli/dsf.c b/cli/dsf.c
+index e1d7973..dddd488 100644
+--- a/cli/dsf.c
++++ b/cli/dsf.c
+@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
+
+ if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
+ format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
++ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
+ (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
+ format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
+ format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
diff --git a/wavpack.spec b/wavpack.spec
index 63dc0de..2678887 100644
--- a/wavpack.spec
+++ b/wavpack.spec
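Review bot: The bound added in cli/dsf.c, `format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8`, carries an unexplained factor of 8, while the matching check in cli/dsdiff.c compares `total_samples` against `MAX_WAVPACK_SAMPLES` directly, so a later reader cannot tell whether the asymmetry is intended. Presumably sampleCount counts 1-bit DSD samples and the rest of the code counts them eight to a byte; if that is right, say so beside the condition, e.g. `// sampleCount is in 1-bit samples, 8 per byte, hence the * 8`. Both checks also only work as length sanitizers if `total_samples` and `sampleCount` are signed 64-bit values (with an unsigned type `<= 0` rejects only zero, and in a narrower type the `* 8` could wrap); the declarations are outside the hunks, so that should be confirmed and noted. Both enclosing functions start and end outside the hunks.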
@@ -1,15 +1,16 @@ Name: wavpack Summary: A completely open audiocodec Version: 5.4.0 -Release: 4%{?dist} +Release: 5%{?dist} License: BSD Url: http://www.wavpack.com/ Source: http://www.wavpack.com/%{name}-%{version}.tar.bz2 +Patch1: wavpack-0001-issue-110-sanitize-DSD-file-types-for-invalid-length.patch # For autoreconf -BuildRequires: make BuildRequires: autoconf BuildRequires: automake BuildRequires: libtool +BuildRequires: make %description WavPack is a completely open audio compression format providing lossless, @@ -66,6 +67,9 @@ rm -f %{buildroot}/%{_libdir}/*.la %doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf %changelog +* Wed Apr 6 2022 Peter Lemenkov - 5.4.0-5 +- Fix for CVE-2021-44269 + * Sat Jan 22 2022 Fedora Release Engineering - 5.4.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
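Review bot: `Patch1:` is declared in the first wavpack.spec hunk, but nothing in this commit touches `%prep`: the diffstat's 8 changed lines are fully accounted for by the Release, Patch1, BuildRequires and changelog lines. The fix therefore only reaches the built sources if `%prep`, which is outside the visible hunks, already applies patches automatically. Confirm that it uses `%autosetup -p1`, or add `%patch1 -p1` after the `%setup` line; otherwise 5.4.0-5 would ship with a changelog entry claiming the CVE-2021-44269 fix over unpatched code.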