author  Norm Jacobs <Norm.Jacobs@Oracle.COM> 
Fri, 09 Jan 2015 10:58:01 0800  
changeset 3616  53afb71c2b98 
permissions  rwrr 
3616
53afb71c2b98
20332735 problem in UTILITY/SOX
Norm Jacobs <Norm.Jacobs@Oracle.COM>

1 
# 

2 
# Fix CVE-2014-8145[0]: 

3 
# two heapbased buffer overflows 

4 
# Upstream changesets 7d3f38 and f39c57. 

5 
# http://sourceforge.net/p/sox/code/ci/7d3f38007a1eeaf5ab7669aba0d2a7e4d3def57e/ 

6 
# http://sourceforge.net/p/sox/code/ci/f39c574bc423fd5b12bd6510264512f5d5366183/ 

7 
# 

8 


9 
 a/src/sphere.c 

10 
+++ b/src/sphere.c 

11 
@@ 47,6 +47,11 @@ 

12 


13 
/* Determine header size, and allocate a buffer large enough to hold it. */ 

14 
sscanf(fldsval, "%lu", &header_size_ul); 

15 
+ if (header_size_ul < 16) { 

16 
+ lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header"); 

17 
+ return (SOX_EOF); 

18 
+ } 

19 
+ 

20 
buf = lsx_malloc(header_size = header_size_ul); 

21 


22 
/* Skip what we have read so far */ 
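Review bot: The new `header_size_ul < 16` guard follows an `sscanf(fldsval, "%lu", &header_size_ul)` whose return value is still ignored, so a field that does not parse leaves the size at whatever it held before; the declaration is outside the hunk, so whether that prior value is safe cannot be confirmed here. Folding the conversion result into the test closes that gap: `if (sscanf(fldsval, "%lu", &header_size_ul) != 1 || header_size_ul < 16) {`. The guard also sets only a lower bound, so a very large file-supplied value still reaches `lsx_malloc(header_size = header_size_ul)`, and that assignment could truncate if `header_size` is narrower than `unsigned long` (its type is not visible), so an upper limit on the header size is worth adding. The enclosing function starts and ends outside the hunk.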

23 


24 


25 
 a/src/wav.c 

26 
+++ b/src/wav.c 

27 
@@ 166,7 +166,7 @@ 

28 
/* work with partial blocks. Specs say it should be null */ 

29 
/* padded but I guess this is better than trailing quiet. */ 

30 
samplesThisBlock = lsx_ms_adpcm_samples_in((size_t)0, (size_t)ft>signal.channels, bytesRead, (size_t)0); 

31 
 if (samplesThisBlock == 0) 

32 
+ if (samplesThisBlock == 0  samplesThisBlock > wav>samplesPerBlock) 

33 
{ 

34 
lsx_warn("Premature EOF on .wav input file"); 

35 
return 0; 
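Review bot: The added `samplesThisBlock > wav->samplesPerBlock` case falls into the branch that logs "Premature EOF on .wav input file", so a partial block that decodes to more samples than the header declared is reported as a truncated file rather than a malformed one, which hides the rejected input from anyone triaging the log. Either give it its own branch with a message such as `lsx_warn("Invalid MS ADPCM block size in .wav input file");`, or at least add a comment above the test, e.g. `/* also reject a partial block claiming more samples than samplesPerBlock */`. The check presumably protects decode buffers sized from `samplesPerBlock`; that allocation is outside the hunk, so the bound should be confirmed against it. The enclosing function continues beyond the hunk.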