haikuprojects/haikuports
1
0
Fork 0
mirror of https://github.com/yann64/haikuports.git synced 2026-04-24 09:08:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

wavpack: apply cve patch

Browse Source
This commit is contained in:
Jerome Duval
2021-01-07 18:01:31 +01:00
parent 0c9f2d5b71
commit 9f19995f46
2 changed files with 54 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
media-sound/wavpack/patches/CVE-2020-35738.patch Normal file
View File

@@ -0,0 +1,52 @@
From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 29 Dec 2020 20:47:19 -0800
Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns
and sanitize a few more encoding parameters for clarity
---
src/pack_utils.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/pack_utils.c b/src/pack_utils.c
index 17d9381..480ab90 100644
--- a/src/pack_utils.c
+++ b/src/pack_utils.c
@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
return FALSE;
}
- if (!num_chans) {
- strcpy (wpc->error_message, "channel count cannot be zero!");
+ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
+ strcpy (wpc->error_message, "invalid channel count!");
+ return FALSE;
+ }
+
+ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
+ strcpy (wpc->error_message, "invalid custom block samples!");
return FALSE;
}
@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
if (wpc->config.num_channels == 1)
wpc->block_samples *= 2;
- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000)
+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000)
wpc->block_samples /= 2;
}
else {
@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
wpc->block_samples = wpc->config.sample_rate / divisor;
- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000)
+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000)
wpc->block_samples /= 2;
- while (wpc->block_samples * wpc->config.num_channels < 20000)
+ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)
wpc->block_samples *= 2;
}

3
media-sound/wavpack/wavpack-5.3.0.recipe
View File

@@ -4,9 +4,10 @@ lossless, high-quality lossy, and a unique hybrid compression mode."
HOMEPAGE="http://wavpack.com/" HOMEPAGE="http://wavpack.com/"
COPYRIGHT="1998-2020 David Bryant" COPYRIGHT="1998-2020 David Bryant"
LICENSE="WavPack" LICENSE="WavPack"
REVISION="1" REVISION="2"
SOURCE_URI="http://wavpack.com/wavpack-$portVersion.tar.bz2" SOURCE_URI="http://wavpack.com/wavpack-$portVersion.tar.bz2"
CHECKSUM_SHA256="b6f00b3a2185a1d2df6cf8d893ec60fd645d2eb90db7428a617fd27c9e8a6a01" CHECKSUM_SHA256="b6f00b3a2185a1d2df6cf8d893ec60fd645d2eb90db7428a617fd27c9e8a6a01"
PATCHES="CVE-2020-35738.patch"
ARCHITECTURES="!x86_gcc2 x86 x86_64" ARCHITECTURES="!x86_gcc2 x86 x86_64"
SECONDARY_ARCHITECTURES="!x86_gcc2 x86" SECONDARY_ARCHITECTURES="!x86_gcc2 x86"