rpms
/
wavpack
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: rpms:imports/c9/wavpack-5.4.0-4.el9
Branches Tags
rpms:c8
rpms:c9s
rpms:c9
rpms:c9-beta
rpms:c8-beta
rpms:c8s
rpms:imports/c9/wavpack-5.4.0-5.el9
rpms:imports/c8/wavpack-5.1.0-16.el8
rpms:imports/c9-beta/wavpack-5.4.0-5.el9
rpms:imports/c8-beta/wavpack-5.1.0-16.el8
rpms:imports/c8s/wavpack-5.1.0-16.el8
rpms:imports/c9/wavpack-5.4.0-4.el9
rpms:imports/c9-beta/wavpack-5.4.0-4.el9
rpms:imports/c8-beta/wavpack-5.1.0-15.el8
rpms:imports/c8-beta/wavpack-5.1.0-9.el8
rpms:imports/c8s/wavpack-5.1.0-15.el8
rpms:imports/c8/wavpack-5.1.0-15.el8
rpms:imports/c8/wavpack-5.1.0-9.el8
...
compare: rpms:c8
Branches Tags
rpms:c9s
rpms:c9
rpms:c8
rpms:c9-beta
rpms:c8-beta
rpms:c8s
rpms:imports/c9/wavpack-5.4.0-5.el9
rpms:imports/c8/wavpack-5.1.0-16.el8
rpms:imports/c9-beta/wavpack-5.4.0-5.el9
rpms:imports/c8-beta/wavpack-5.1.0-16.el8
rpms:imports/c8s/wavpack-5.1.0-16.el8
rpms:imports/c9/wavpack-5.4.0-4.el9
rpms:imports/c9-beta/wavpack-5.4.0-4.el9
rpms:imports/c8-beta/wavpack-5.1.0-15.el8
rpms:imports/c8-beta/wavpack-5.1.0-9.el8
rpms:imports/c8s/wavpack-5.1.0-15.el8
rpms:imports/c8/wavpack-5.1.0-15.el8
rpms:imports/c8/wavpack-5.1.0-9.el8

No commits in common. "imports/c9/wavpack-5.4.0-4.el9" and "c8" have entirely different histories.
imports/c9 ... c8

14 changed files with 535 additions and 60 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/wavpack-5.4.0.tar.bz2
SOURCES/wavpack-5.1.0.tar.bz2

2
.wavpack.metadata
View File

@ -1 +1 @@
99fe66d518a69998a02dd7fd8d0c9bb93f663762 SOURCES/wavpack-5.4.0.tar.bz2
ed96443e3fc915128e1002a0f9f2c7ae9bcdc09b SOURCES/wavpack-5.1.0.tar.bz2

108
SOURCES/wavpack-0001-issue-27-do-not-overwrite-stack-on-corrupt-RF64-file.patch Normal file
View File

@ -0,0 +1,108 @@
From: David Bryant <david@wavpack.com>
Date: Sun, 4 Feb 2018 11:28:15 -0800
Subject: [PATCH] issue #27, do not overwrite stack on corrupt RF64 file
diff --git a/cli/riff.c b/cli/riff.c
index 8b1af45..de98c1e 100644
--- a/cli/riff.c
+++ b/cli/riff.c
@@ -42,6 +42,7 @@ typedef struct {
#pragma pack(pop)
+#define CS64ChunkFormat "4D"
#define DS64ChunkFormat "DDDL"
#define WAVPACK_NO_ERROR 0
@@ -101,13 +102,13 @@ int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
if (!strncmp (chunk_header.ckID, "ds64", 4)) {
if (chunk_header.ckSize < sizeof (DS64Chunk) ||
- !DoReadFile (infile, &ds64_chunk, chunk_header.ckSize, &bcount) ||
- bcount != chunk_header.ckSize) {
+ !DoReadFile (infile, &ds64_chunk, sizeof (DS64Chunk), &bcount) ||
+ bcount != sizeof (DS64Chunk)) {
error_line ("%s is not a valid .WAV file!", infilename);
return WAVPACK_SOFT_ERROR;
}
else if (!(config->qmode & QMODE_NO_STORE_WRAPPER) &&
- !WavpackAddWrapper (wpc, &ds64_chunk, chunk_header.ckSize)) {
+ !WavpackAddWrapper (wpc, &ds64_chunk, sizeof (DS64Chunk))) {
error_line ("%s", WavpackGetErrorMessage (wpc));
return WAVPACK_SOFT_ERROR;
}
@@ -315,10 +316,11 @@ int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples, int qmode)
{
- int do_rf64 = 0, write_junk = 1;
+ int do_rf64 = 0, write_junk = 1, table_length = 0;
ChunkHeader ds64hdr, datahdr, fmthdr;
RiffChunkHeader riffhdr;
DS64Chunk ds64_chunk;
+ CS64Chunk cs64_chunk;
JunkChunk junkchunk;
WaveHeader wavhdr;
uint32_t bcount;
@@ -380,6 +382,7 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
strncpy (riffhdr.formType, "WAVE", sizeof (riffhdr.formType));
total_riff_bytes = sizeof (riffhdr) + wavhdrsize + sizeof (datahdr) + ((total_data_bytes + 1) & ~(int64_t)1);
if (do_rf64) total_riff_bytes += sizeof (ds64hdr) + sizeof (ds64_chunk);
+ total_riff_bytes += table_length * sizeof (CS64Chunk);
if (write_junk) total_riff_bytes += sizeof (junkchunk);
strncpy (fmthdr.ckID, "fmt ", sizeof (fmthdr.ckID));
strncpy (datahdr.ckID, "data", sizeof (datahdr.ckID));
@@ -394,11 +397,12 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
if (do_rf64) {
strncpy (ds64hdr.ckID, "ds64", sizeof (ds64hdr.ckID));
- ds64hdr.ckSize = sizeof (ds64_chunk);
+ ds64hdr.ckSize = sizeof (ds64_chunk) + (table_length * sizeof (CS64Chunk));
CLEAR (ds64_chunk);
ds64_chunk.riffSize64 = total_riff_bytes;
ds64_chunk.dataSize64 = total_data_bytes;
ds64_chunk.sampleCount64 = total_samples;
+ ds64_chunk.tableLength = table_length;
riffhdr.ckSize = (uint32_t) -1;
datahdr.ckSize = (uint32_t) -1;
WavpackNativeToLittleEndian (&ds64hdr, ChunkHeaderFormat);
@@ -409,6 +413,14 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
datahdr.ckSize = (uint32_t) total_data_bytes;
}
+ // this "table" is just a dummy placeholder for testing (normally not written)
+
+ if (table_length) {
+ strncpy (cs64_chunk.ckID, "dmmy", sizeof (cs64_chunk.ckID));
+ cs64_chunk.chunkSize64 = 12345678;
+ WavpackNativeToLittleEndian (&cs64_chunk, CS64ChunkFormat);
+ }
+
// write the RIFF chunks up to just before the data starts
WavpackNativeToLittleEndian (&riffhdr, ChunkHeaderFormat);
@@ -418,8 +430,21 @@ int WriteRiffHeader (FILE *outfile, WavpackContext *wpc, int64_t total_samples,
if (!DoWriteFile (outfile, &riffhdr, sizeof (riffhdr), &bcount) || bcount != sizeof (riffhdr) ||
(do_rf64 && (!DoWriteFile (outfile, &ds64hdr, sizeof (ds64hdr), &bcount) || bcount != sizeof (ds64hdr))) ||
- (do_rf64 && (!DoWriteFile (outfile, &ds64_chunk, sizeof (ds64_chunk), &bcount) || bcount != sizeof (ds64_chunk))) ||
- (write_junk && (!DoWriteFile (outfile, &junkchunk, sizeof (junkchunk), &bcount) || bcount != sizeof (junkchunk))) ||
+ (do_rf64 && (!DoWriteFile (outfile, &ds64_chunk, sizeof (ds64_chunk), &bcount) || bcount != sizeof (ds64_chunk)))) {
+ error_line ("can't write .WAV data, disk probably full!");
+ return FALSE;
+ }
+
+ // again, this is normally not written except for testing
+
+ while (table_length--)
+ if (!DoWriteFile (outfile, &cs64_chunk, sizeof (cs64_chunk), &bcount) || bcount != sizeof (cs64_chunk)) {
+ error_line ("can't write .WAV data, disk probably full!");
+ return FALSE;
+ }
+
+
+ if ((write_junk && (!DoWriteFile (outfile, &junkchunk, sizeof (junkchunk), &bcount) || bcount != sizeof (junkchunk))) ||
!DoWriteFile (outfile, &fmthdr, sizeof (fmthdr), &bcount) || bcount != sizeof (fmthdr) ||
!DoWriteFile (outfile, &wavhdr, wavhdrsize, &bcount) || bcount != wavhdrsize ||
!DoWriteFile (outfile, &datahdr, sizeof (datahdr), &bcount) || bcount != sizeof (datahdr)) {

28
SOURCES/wavpack-0002-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fil.patch Normal file
View File

@ -0,0 +1,28 @@
From: David Bryant <david@wavpack.com>
Date: Sat, 10 Feb 2018 16:01:39 -0800
Subject: [PATCH] issue #28, do not overwrite heap on corrupt DSDIFF file
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 410dc1c..c016df9 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
error_line ("dsdiff file version = 0x%08x", version);
}
else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
- char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
+ char *prop_chunk;
+
+ if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
+ if (debug_logging_mode)
+ error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
+
+ prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
bcount != dff_chunk_header.ckDataSize) {

62
SOURCES/wavpack-0003-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch Normal file
View File

@ -0,0 +1,62 @@
From: David Bryant <david@wavpack.com>
Date: Sun, 11 Feb 2018 16:37:47 -0800
Subject: [PATCH] issue #28, fix buffer overflows and bad allocs on corrupt CAF
files
diff --git a/cli/caff.c b/cli/caff.c
index ae57c4b..6248a71 100644
--- a/cli/caff.c
+++ b/cli/caff.c
@@ -89,8 +89,8 @@ typedef struct
#define CAFChannelDescriptionFormat "LLLLL"
-static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21 };
-static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16 };
+static const char TMH_full [] = { 1,2,3,13,9,10,5,6,12,14,15,16,17,9,4,18,7,8,19,20,21,0 };
+static const char TMH_std [] = { 1,2,3,11,8,9,5,6,10,12,13,14,15,7,4,16,0 };
static struct {
uint32_t mChannelLayoutTag; // Core Audio layout, 100 - 146 in high word, num channels in low word
@@ -274,10 +274,19 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
}
}
else if (!strncmp (caf_chunk_header.mChunkType, "chan", 4)) {
- CAFChannelLayout *caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize);
+ CAFChannelLayout *caf_channel_layout;
- if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) ||
- !DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) ||
+ if (caf_chunk_header.mChunkSize < sizeof (CAFChannelLayout) || caf_chunk_header.mChunkSize > 1024) {
+ error_line ("this .CAF file has an invalid 'chan' chunk!");
+ return WAVPACK_SOFT_ERROR;
+ }
+
+ if (debug_logging_mode)
+ error_line ("'chan' chunk is %d bytes", (int) caf_chunk_header.mChunkSize);
+
+ caf_channel_layout = malloc ((size_t) caf_chunk_header.mChunkSize);
+
+ if (!DoReadFile (infile, caf_channel_layout, (uint32_t) caf_chunk_header.mChunkSize, &bcount) ||
bcount != caf_chunk_header.mChunkSize) {
error_line ("%s is not a valid .CAF file!", infilename);
free (caf_channel_layout);
@@ -495,8 +504,15 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
}
else { // just copy unknown chunks to output file
- int bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize;
- char *buff = malloc (bytes_to_copy);
+ uint32_t bytes_to_copy = (uint32_t) caf_chunk_header.mChunkSize;
+ char *buff;
+
+ if (caf_chunk_header.mChunkSize < 0 || caf_chunk_header.mChunkSize > 1048576) {
+ error_line ("%s is not a valid .CAF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
+ buff = malloc (bytes_to_copy);
if (debug_logging_mode)
error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes",

75
SOURCES/wavpack-0004-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch Normal file
View File

@ -0,0 +1,75 @@
From 6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 24 Apr 2018 17:27:01 -0700
Subject: [PATCH 1/2] issue #33, sanitize size of unknown chunks before
malloc()
---
cli/dsdiff.c | 9 ++++++++-
cli/riff.c | 9 ++++++++-
cli/wave64.c | 9 ++++++++-
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index c016df9..fa56bbb 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -279,7 +279,14 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
else { // just copy unknown chunks to output file
int bytes_to_copy = (int)(((dff_chunk_header.ckDataSize) + 1) & ~(int64_t)1);
- char *buff = malloc (bytes_to_copy);
+ char *buff;
+
+ if (bytes_to_copy < 0 || bytes_to_copy > 4194304) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
+ buff = malloc (bytes_to_copy);
if (debug_logging_mode)
error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes",
diff --git a/cli/riff.c b/cli/riff.c
index de98c1e..7bddf63 100644
--- a/cli/riff.c
+++ b/cli/riff.c
@@ -286,7 +286,14 @@ int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
else { // just copy unknown chunks to output file
int bytes_to_copy = (chunk_header.ckSize + 1) & ~1L;
- char *buff = malloc (bytes_to_copy);
+ char *buff;
+
+ if (bytes_to_copy < 0 || bytes_to_copy > 4194304) {
+ error_line ("%s is not a valid .WAV file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
+ buff = malloc (bytes_to_copy);
if (debug_logging_mode)
error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes",
diff --git a/cli/wave64.c b/cli/wave64.c
index 591d640..fa928a0 100644
--- a/cli/wave64.c
+++ b/cli/wave64.c
@@ -241,7 +241,14 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
}
else { // just copy unknown chunks to output file
int bytes_to_copy = (chunk_header.ckSize + 7) & ~7L;
- char *buff = malloc (bytes_to_copy);
+ char *buff;
+
+ if (bytes_to_copy < 0 || bytes_to_copy > 4194304) {
+ error_line ("%s is not a valid .W64 file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
+ buff = malloc (bytes_to_copy);
if (debug_logging_mode)
error_line ("extra unknown chunk \"%c%c%c%c\" of %d bytes",
--
2.14.3

63
SOURCES/wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch Normal file
View File

@ -0,0 +1,63 @@
From 26cb47f99d481ad9b93eeff80d26e6b63bbd7e15 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 24 Apr 2018 22:18:07 -0700
Subject: [PATCH 2/2] issue #30 issue #31 issue #32: no multiple format chunks
in WAV or W64
---
cli/riff.c | 7 ++++++-
cli/wave64.c | 6 ++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/cli/riff.c b/cli/riff.c
index 7bddf63..5d6452e 100644
--- a/cli/riff.c
+++ b/cli/riff.c
@@ -53,7 +53,7 @@ extern int debug_logging_mode;
int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
{
- int is_rf64 = !strncmp (fourcc, "RF64", 4), got_ds64 = 0;
+ int is_rf64 = !strncmp (fourcc, "RF64", 4), got_ds64 = 0, format_chunk = 0;
int64_t total_samples = 0, infilesize;
RiffChunkHeader riff_chunk_header;
ChunkHeader chunk_header;
@@ -140,6 +140,11 @@ int ParseRiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
else if (!strncmp (chunk_header.ckID, "fmt ", 4)) { // if it's the format chunk, we want to get some info out of there and
int supported = TRUE, format; // make sure it's a .wav file we can handle
+ if (format_chunk++) {
+ error_line ("%s is not a valid .WAV file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
if (chunk_header.ckSize < 16 || chunk_header.ckSize > sizeof (WaveHeader) ||
!DoReadFile (infile, &WaveHeader, chunk_header.ckSize, &bcount) ||
bcount != chunk_header.ckSize) {
diff --git a/cli/wave64.c b/cli/wave64.c
index fa928a0..0388dc7 100644
--- a/cli/wave64.c
+++ b/cli/wave64.c
@@ -53,6 +53,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
Wave64ChunkHeader chunk_header;
Wave64FileHeader filehdr;
WaveHeader WaveHeader;
+ int format_chunk = 0;
uint32_t bcount;
infilesize = DoGetFileSize (infile);
@@ -104,6 +105,11 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
if (!memcmp (chunk_header.ckID, fmt_guid, sizeof (fmt_guid))) {
int supported = TRUE, format;
+ if (format_chunk++) {
+ error_line ("%s is not a valid .W64 file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
chunk_header.ckSize = (chunk_header.ckSize + 7) & ~7L;
if (chunk_header.ckSize < 16 || chunk_header.ckSize > sizeof (WaveHeader) ||
--
2.14.3

12
SOURCES/wavpack-0006-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch Normal file
View File

@ -0,0 +1,12 @@
diff --git a/cli/wave64.c b/cli/wave64.c
index 7beffe6..59548b1 100644
--- a/cli/wave64.c
+++ b/cli/wave64.c
@@ -56,6 +56,7 @@ int ParseWave64HeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
int format_chunk = 0;
uint32_t bcount;
+ CLEAR (WaveHeader);
infilesize = DoGetFileSize (infile);
memcpy (&filehdr, fourcc, 4);

16
SOURCES/wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch Normal file
View File

@ -0,0 +1,16 @@
diff --git a/src/pack_utils.c b/src/pack_utils.c
index 2253f0d..2a83497 100644
--- a/src/pack_utils.c
+++ b/src/pack_utils.c
@@ -195,6 +195,11 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
int num_chans = config->num_channels;
int i;
+ if (!config->sample_rate) {
+ strcpy (wpc->error_message, "sample rate cannot be zero!");
+ return FALSE;
+ }
+
wpc->stream_version = (config->flags & CONFIG_COMPATIBLE_WRITE) ? CUR_STREAM_VERS : MAX_STREAM_VERS;
if ((config->qmode & QMODE_DSD_AUDIO) && config->bytes_per_sample == 1 && config->bits_per_sample == 8) {

39
SOURCES/wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch Normal file
View File

@ -0,0 +1,39 @@
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 410dc1c..a592fdc 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -170,8 +170,8 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
if (!strncmp (prop_chunk, "SND ", 4)) {
char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
- uint16_t numChannels, chansSpecified, chanMask = 0;
- uint32_t sampleRate;
+ uint16_t numChannels = 0, chansSpecified, chanMask = 0;
+ uint32_t sampleRate = 0;
while (eptr - cptr >= sizeof (dff_chunk_header)) {
memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
@@ -194,6 +194,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
chansSpecified = (int)(dff_chunk_header.ckDataSize - sizeof (numChannels)) / 4;
+ if (numChannels < chansSpecified || numChannels < 1 || numChannels > 256) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ free (prop_chunk);
+ return WAVPACK_SOFT_ERROR;
+ }
+
while (chansSpecified--) {
if (!strncmp (cptr, "SLFT", 4) || !strncmp (cptr, "MLFT", 4))
chanMask |= 0x1;
@@ -263,6 +269,10 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
free (prop_chunk);
}
else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
+ if (!config->num_channels || !config->sample_rate) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
break;
}

30
SOURCES/wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch Normal file
View File

@ -0,0 +1,30 @@
diff --git a/cli/caff.c b/cli/caff.c
index 2a5e2d9..a35da74 100644
--- a/cli/caff.c
+++ b/cli/caff.c
@@ -152,7 +152,7 @@ static struct {
int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackContext *wpc, WavpackConfig *config)
{
- uint32_t chan_chunk = 0, channel_layout = 0, bcount;
+ uint32_t chan_chunk = 0, desc_chunk = 0, channel_layout = 0, bcount;
unsigned char *channel_identities = NULL;
unsigned char *channel_reorder = NULL;
int64_t total_samples = 0, infilesize;
@@ -218,6 +218,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
}
WavpackBigEndianToNative (&caf_audio_format, CAFAudioFormatFormat);
+ desc_chunk = 1;
if (debug_logging_mode) {
char formatstr [5];
@@ -458,7 +459,7 @@ int ParseCaffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpack
else if (!strncmp (caf_chunk_header.mChunkType, "data", 4)) { // on the data chunk, get size and exit loop
uint32_t mEditCount;
- if (!DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
+ if (!desc_chunk || !DoReadFile (infile, &mEditCount, sizeof (mEditCount), &bcount) ||
bcount != sizeof (mEditCount)) {
error_line ("%s is not a valid .CAF file!", infilename);
return WAVPACK_SOFT_ERROR;

20
SOURCES/wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch Normal file
View File

@ -0,0 +1,20 @@
diff --git a/src/open_utils.c b/src/open_utils.c
index 80051fc..4fe0d67 100644
--- a/src/open_utils.c
+++ b/src/open_utils.c
@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
#endif
if (meta_bc == 4) {
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
return FALSE;
}
else {
csum ^= csum >> 16;
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
return FALSE;
}

35
SOURCES/wavpack-0011-issue-110-sanitize-DSD-file-types.patch Normal file
View File

@ -0,0 +1,35 @@
commit 3915cf88c0cf2cf9806d7323071c9b856b6dc52b
Author: Tomas Korbar <tkorbar@redhat.com>
Date: Tue May 17 18:11:33 2022 +0200
Fix CVE-2021-44269
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 62d8a0c..fa69e32 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -284,6 +284,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
return WAVPACK_SOFT_ERROR;
}
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+ if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
break;
}
else { // just copy unknown chunks to output file
diff --git a/cli/dsf.c b/cli/dsf.c
index cd82ae9..fd6b2a5 100644
--- a/cli/dsf.c
+++ b/cli/dsf.c
@@ -121,6 +121,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+ format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
(format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {
error_line ("%s is not a valid .DSF file!", infilename);

103
SPECS/wavpack.spec
View File

@ -1,12 +1,24 @@
Name: wavpack
Summary: A completely open audiocodec
Version: 5.4.0
Release: 4%{?dist}
Version: 5.1.0
Release: 16%{?dist}
License: BSD
Group: Applications/Multimedia
Url: http://www.wavpack.com/
Source: http://www.wavpack.com/%{name}-%{version}.tar.bz2
Patch1: wavpack-0001-issue-27-do-not-overwrite-stack-on-corrupt-RF64-file.patch
Patch2: wavpack-0002-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fil.patch
Patch3: wavpack-0003-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch
Patch4: wavpack-0004-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch
Patch5: wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch
Patch6: wavpack-0006-issue-68-clear-WaveHeader-at-start-to-prevent-uninit.patch
Patch7: wavpack-0007-issue-53-error-out-on-zero-sample-rate.patch
Patch8: wavpack-0008-issue-65-67-fortify-dsdiff-file-parsing.patch
Patch9: wavpack-0009-issue-66-make-sure-CAF-files-have-a-desc-chunk.patch
Patch10: wavpack-0010-issue-54-fix-potential-out-of-bounds-heap-read.patch
Patch11: wavpack-0011-issue-110-sanitize-DSD-file-types.patch
# For autoreconf
BuildRequires: make
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
@ -20,6 +32,7 @@ performance and functionality.
%package devel
Summary: WavPack - development files
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release}
Requires: pkgconfig
@ -31,20 +44,14 @@ Files needed for developing apps using wavpack
%build
autoreconf -ivf
# Debian and Buildroot recomendation:
# WavPack "autodetects" CPU type to enable ASM code. However, the assembly code
# for ARM is written for ARMv7 only and building WavPack for an ARM-non-v7
# architecture will fail.
# http://lists.busybox.net/pipermail/buildroot/2015-October/142117.html
# Disable assembly optimizations to avoid gaps in annobin coverage
%configure --disable-static \
%ifarch armv3l armv4b armv4l armv4tl armv5tel armv5tejl armv6l armv6hl
--disable-asm \
%endif
--disable-asm
make %{?_smp_mflags}
%install
%make_install
make DESTDIR=%{buildroot} install
rm -f %{buildroot}/%{_libdir}/*.la
%ldconfig_scriptlets
@ -55,66 +62,46 @@ rm -f %{buildroot}/%{_libdir}/*.la
%{_mandir}/man1/wavpack.1*
%{_mandir}/man1/wvgain.1*
%{_mandir}/man1/wvunpack.1*
%{_mandir}/man1/wvtag.1*
%doc AUTHORS doc/wavpack_doc.html
%license COPYING
%{_mandir}/man1/wvtag.1.*
%doc AUTHORS COPYING
%files devel
%{_includedir}/*
%{_libdir}/pkgconfig/*
%{_libdir}/libwavpack.so
%doc ChangeLog doc/WavPack5PortingGuide.pdf doc/WavPack5LibraryDoc.pdf doc/WavPack5FileFormat.pdf
%doc ChangeLog README
%changelog
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.0-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue May 17 2022 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-16
- CVE-2021-44269 wavpack: heap Out-of-bounds Read
- Resolves: CVE-2021-44269
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 5.4.0-3
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Fri Oct 04 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
- fix Out-of-bounds read in WavpackVerifySingleBlock function (#1663151)
- CVE-2018-19841
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 5.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-14
- fix uninitialized variable in ParseCaffHeaderConfig (#1741251)
- CVE-2019-1010317
* Sun Jan 17 2021 Sérgio Basto <sergio@serjux.com> - 5.4.0-1
- Update wavpack to 5.4.0 (#1915740)
- Security fix for CVE-2020-35738
* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-13
- fortify parsing of .dff files (#1707428, #1733627)
- CVE-2019-1010315
- CVE-2019-11498
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Oct 03 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-12
- fix possible infinite loop in WavpackPackInit function (#1663154)
- CVE-2018-19840
* Sat Apr 18 2020 Peter Lemenkov <lemenkov@gmail.com> - 5.3.0-1
- Update to 5.3.0
* Tue Oct 01 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-11
- Fix issues with gating
* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 5.2.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Sep 30 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-10
- fix uninitialized variable in ParseWave64HeaderConfig (#1741200)
- CVE-2019-1010319
* Thu Jan 09 2020 Tomas Korbar <tkorbar@redhat.com> - 5.2.0-1
- Update to 5.2.0
* Mon Aug 19 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-16
- Fix for CVE-2019-1010317
* Mon Aug 19 2019 Tomas Korbar <tkorbar@redhat.com> - 5.1.0-15
- Fix for CVE-2019-1010319
* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri May 17 2019 Peter Lemenkov <lemenkov@gmail.com> - 5.1.0-13
- Fix for CVE-2019-11498
* Wed Apr 10 2019 Peter Lemenkov <lemenkov@gmail.com> - 5.1.0-12
- Fix for CVE-2018-19840, CVE-2018-19841
* Thu Feb 28 2019 Sérgio Basto <sergio@serjux.com> - 5.1.0-11
- Make the manual pages decompression format agnostic
* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Thu Sep 20 2018 Miroslav Lichvar <mlichvar@redhat.com> - 5.1.0-9
- Disable assembly optimizations to avoid gaps in annobin coverage (#1630638)
* Tue May 22 2018 Miroslav Lichvar <mlichvar@redhat.com> - 5.1.0-8
- Fix for CVE-2018-10536, CVE-2018-10537, CVE-2018-10538, CVE-2018-10539,