import wavpack-5.1.0-15.el8
parent
c7cd95e7a5
commit
bb906cd3da
|
@ -0,0 +1,12 @@
|
|||
diff --git a/cli/wave64.c b/cli/wave64.c
|
||||
index 7beffe6..59548b1 100644
|
||||
--- a/cli/wave64.c
|
||||
+++ b/cli/wave64.c
|
||||
@@ -56,6 +56,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
|
||||
int format_chunk = 0;
|
||||
uint32_t bcount;
|
||||
|
||||
+ CLEAR (WaveHeader);
|
||||
infilesize = DoGetFileSize (infile);
|
||||
memcpy (&filehdr, fourcc, 4);
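Review bot: The added `CLEAR (WaveHeader);` carries no comment saying what it protects, so a later cleanup could drop it as redundant initialisation. I would put `// zero the header so a file with no format chunk yields zeroed fields, not uninitialised memory` directly above it. Zeroing only makes the fields deterministic. Whether a data chunk seen before any format chunk is actually rejected (for example through `format_chunk` or a zero channel count) is decided further down in ParseWave64HeaderConfig, outside this hunk, and should be confirmed there.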
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
diff --git a/src/pack_utils.c b/src/pack_utils.c
|
||||
index 2253f0d..2a83497 100644
|
||||
--- a/src/pack_utils.c
|
||||
+++ b/src/pack_utils.c
|
||||
@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
|
||||
int num_chans = config->num_channels;
|
||||
int i;
|
||||
|
||||
+ if (!config->sample_rate) {
|
||||
+ strcpy (wpc->error_message, "sample rate cannot be zero!");
|
||||
+ return FALSE;
|
||||
+ }
|
||||
+
|
||||
wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
|
||||
|
||||
if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {
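Review bot: The new guard `if (!config->sample_rate)` rejects only an exact zero. If `sample_rate` is a signed field (its declaration is not visible here), a negative rate taken from a malformed header still flows into the rest of WavpackSetConfiguration64. In that case `if (config->sample_rate <= 0) {` covers both with the same error path. The `strcpy` into `wpc->error_message` copies a fixed literal, which is safe only while that buffer stays larger than the message; if `error_message` is an array, `snprintf (wpc->error_message, sizeof (wpc->error_message), "%s", "sample rate cannot be zero!");` would tie the bound to the declaration. The function body continues outside the hunk.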
|
|
@ -0,0 +1,39 @@
|
|||
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
|
||||
index 410dc1c..a592fdc 100644
|
||||
--- a/cli/dsdiff.c
|
||||
+++ b/cli/dsdiff.c
|
||||
@@ -170,8 +170,8 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
|
||||
|
||||
if (!strncmp (prop_chunk, "SND ", 4)) {
|
||||
char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
|
||||
- uint16_t numChannels, chansSpecified, chanMask = 0;
|
||||
- uint32_t sampleRate;
|
||||
+ uint16_t numChannels = 0, chansSpecified, chanMask = 0;
|
||||
+ uint32_t sampleRate = 0;
|
||||
|
||||
while (eptr - cptr >= sizeof (dff_chunk_header)) {
|
||||
memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
|
||||
@@ -194,6 +194,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
|
||||
|
||||
chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4;
|
||||
|
||||
+ if (numChannels < chansSpecified || numChannels < 1 || numChannels > 256) {
|
||||
+ error_line ("%s is not a valid .DFF file!", infilename);
|
||||
+ free (prop_chunk);
|
||||
+ return WAVPACK_SOFT_ERROR;
|
||||
+ }
|
||||
+
|
||||
while (chansSpecified--) {
|
||||
if (!strncmp (cptr, "SLFT", 4) || !strncmp (cptr, "MLFT", 4))
|
||||
chanMask |= 0x1;
|
||||
@@ -263,6 +269,10 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
|
||||
free (prop_chunk);
|
||||
}
|
||||
else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
|
||||
+ if (!config->num_channels || !config->sample_rate) {
|
||||
+ error_line ("%s is not a valid .DFF file!", infilename);
|
||||
+ return WAVPACK_SOFT_ERROR;
|
||||
+ }
|
||||
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
|
||||
break;
|
||||
}
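Review bot: In the second hunk the new range check runs only after `chansSpecified` has been derived from `dff_chunk_header.ckDataSize - sizeof (numChannels)` and narrowed to `uint16_t`. Nothing visible rejects a chunk whose `ckDataSize` is smaller than `sizeof (numChannels)`, or one large enough that the quotient is truncated. A truncated `chansSpecified` can pass `numChannels < chansSpecified` even though the declared chunk size is inconsistent with the channel count. Unless the size is already bounded against `eptr - cptr` in lines outside the hunk, I would validate it before the division, e.g. `if (dff_chunk_header.ckDataSize < (int64_t) sizeof (numChannels) || dff_chunk_header.ckDataSize > eptr - cptr)` on the same error path, with the cast adjusted to the field's real type. ParseDsdiffHeaderConfig starts and ends outside these hunks.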
|
|
@ -0,0 +1,30 @@
|
|||
diff --git a/cli/caff.c b/cli/caff.c
|
||||
index 2a5e2d9..a35da74 100644
|
||||
--- a/cli/caff.c
|
||||
+++ b/cli/caff.c
|
||||
@@ -152,7 +152,7 @@ static struct {
|
||||
|
||||
int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
|
||||
{
|
||||
- uint32_t chan_chunk = 0, channel_layout = 0, bcount;
|
||||
+ uint32_t chan_chunk = 0, desc_chunk = 0, channel_layout = 0, bcount;
|
||||
unsigned char *channel_identities = NULL;
|
||||
unsigned char *channel_reorder = NULL;
|
||||
int64_t total_samples = 0, infilesize;
|
||||
@@ -218,6 +218,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
|
||||
}
|
||||
|
||||
WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat);
|
||||
+ desc_chunk = 1;
|
||||
|
||||
if (debug_logging_mode) {
|
||||
char formatstr [5];
|
||||
@@ -458,7 +459,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
|
||||
else if (!strncmp (caf_chunk_header.mChunkType, "data", 4)) { // on the data chunk, get size and exit loop
|
||||
uint32_t mEditCount;
|
||||
|
||||
- if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
|
||||
+ if (!desc_chunk || !DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
|
||||
bcount != sizeof (mEditCount)) {
|
||||
error_line ("%s is not a valid .CAF file!", infilename);
|
||||
return WAVPACK_SOFT_ERROR;
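Review bot: Folding `!desc_chunk` into the `DoReadFile` condition in the last hunk makes a missing `desc` chunk indistinguishable from a short read, and the flag is only enforced when the `data` chunk is reached. Handlers for other chunk types sit outside these hunks, so it should be confirmed that none of them reads `caf_audio_format` or the derived `config` fields before a `desc` chunk has been seen. At minimum I would add `// a "data" chunk with no preceding "desc" chunk means caf_audio_format was never filled in` above the condition. `desc_chunk` is declared `uint32_t` but, in the visible lines, is only ever set to 1 and tested for zero, so a short note at the declaration saying it is a seen-flag would help.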
|
|
@ -0,0 +1,20 @@
|
|||
diff --git a/src/open_utils.c b/src/open_utils.c
|
||||
index 80051fc..4fe0d67 100644
|
||||
--- a/src/open_utils.c
|
||||
+++ b/src/open_utils.c
|
||||
@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
|
||||
#endif
|
||||
|
||||
if (meta_bc == 4) {
|
||||
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
|
||||
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
|
||||
return FALSE;
|
||||
}
|
||||
else {
|
||||
csum ^= csum >> 16;
|
||||
|
||||
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
|
||||
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
|
||||
return FALSE;
|
||||
}
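Review bot: The `else` branch still treats every `meta_bc` other than 4 as a two-byte checksum, so `dp[1]` is read even when the sub-block is shorter than two bytes. Whether `meta_bc` is constrained to 2 or 4 before this point is not visible in the hunk. If it is not, changing the branch to `else if (meta_bc == 2) {` and adding a final `else return FALSE;` closes that gap. The switch from `*dp++` to indexed reads also deserves a one-line comment such as `// compare in place; dp must not be advanced here`. The reason lies outside the hunk; presumably `dp` is stepped by `meta_bc` elsewhere in WavpackVerifySingleBlock.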
|
||||
|
|
@ -1,7 +1,7 @@
|
|||
Name: wavpack
|
||||
Summary: A completely open audiocodec
|
||||
Version: 5.1.0
|
||||
Release: 9%{?dist}
|
||||
Release: 15%{?dist}
|
||||
License: BSD
|
||||
Group: Applications/Multimedia
|
||||
Url: http://www.wavpack.com/
|
||||
|
@ -11,6 +11,11 @@ Patch2: wavpack-0002-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fil.patch
|
|||
Patch3: wavpack-0003-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch
|
||||
Patch4: wavpack-0004-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch
|
||||
Patch5: wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch
|
||||
Patch6: wavpack-0006-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
|
||||
Patch7: wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch
|
||||
Patch8: wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
|
||||
Patch9: wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
|
||||
Patch10: wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
|
||||
# For autoreconf
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
|
@ -65,6 +70,30 @@ rm -f %{buildroot}/%{_libdir}/*.la
|
|||
%doc ChangeLog README
|
||||
|
||||
%changelog
|
||||
* Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
|
||||
- fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
|
||||
- CVE-2018-19841
|
||||
|
||||
* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-14
|
||||
- fix uninitialized variable in ParseCaffHeaderConfig (#1741251)
|
||||
- CVE-2019-1010317
|
||||
|
||||
* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-13
|
||||
- fortify parsing of .dff files (#1707428, #1733627)
|
||||
- CVE-2019-1010315
|
||||
- CVE-2019-11498
|
||||
|
||||
* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-12
|
||||
- fix possible infinite loop in WavpackPackInit function (#1663154)
|
||||
- CVE-2018-19840
|
||||
|
||||
* Tue Oct 01 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-11
|
||||
- Fix issues with gating
|
||||
|
||||
* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-10
|
||||
- fix uninitialized variable in ParseWave64HeaderConfig (#1741200)
|
||||
- CVE-2019-1010319
|
||||
|
||||
* Thu Sep 20 2018 Miroslav Lichvar <mlichvar@redhat.com> - 5.1.0-9
|
||||
- Disable assembly optimizations to avoid gaps in annobin coverage (#1630638)
|
||||
|
||||
|
|