diff options
| author |   Miroslav Šulc <fordfrog@gentoo.org> | 2021-01-02 12:53:18 +0100 |
|---|---|---|
| committer | Miroslav Šulc <fordfrog@gentoo.org> | 2021-01-02 12:53:24 +0100 |
| commit | 22ab7121945950659d4325be712f786164699a6c (patch) | |
| tree | e13fad2e8c5482cf75b99fa0b8a5f859a8415b5a /media-sound | |
| parent | dev-util/ragel: stable 7.0.0.12 for hppa, bug #761870 (diff) | |
| download | gentoo-22ab7121945950659d4325be712f786164699a6c.tar.gz gentoo-22ab7121945950659d4325be712f786164699a6c.tar.bz2 gentoo-22ab7121945950659d4325be712f786164699a6c.zip | |
media-sound/wavpack: fixed out of bound write
Bug: https://bugs.gentoo.org/762154
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>
Diffstat (limited to 'media-sound')
| -rw-r--r-- | media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch | 52 | ||||
| -rw-r--r-- | media-sound/wavpack/wavpack-5.3.2-r1.ebuild (renamed from media-sound/wavpack/wavpack-5.3.2.ebuild) | 6 |
2 files changed, 57 insertions, 1 deletions
diff --git a/media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch b/media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch new file mode 100644 index 000000000000..fbbd40ba8bd9 --- /dev/null +++ b/media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch @@ -0,0 +1,52 @@ +From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001 +From: David Bryant <david@wavpack.com> +Date: Tue, 29 Dec 2020 20:47:19 -0800 +Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns + and sanitize a few more encoding parameters for clarity + +--- + src/pack_utils.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +diff --git a/src/pack_utils.c b/src/pack_utils.c +index 17d9381..480ab90 100644 +--- a/src/pack_utils.c ++++ b/src/pack_utils.c +@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64 + return FALSE; + } + +- if (!num_chans) { +- strcpy (wpc->error_message, "channel count cannot be zero!"); ++ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) { ++ strcpy (wpc->error_message, "invalid channel count!"); ++ return FALSE; ++ } ++ ++ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) { ++ strcpy (wpc->error_message, "invalid custom block samples!"); + return FALSE; + } + +@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc) + if (wpc->config.num_channels == 1) + wpc->block_samples *= 2; + +- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000) ++ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000) + wpc->block_samples /= 2; + } + else { +@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc) + + wpc->block_samples = wpc->config.sample_rate / divisor; + +- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000) ++ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000) + wpc->block_samples /= 2; + +- while (wpc->block_samples * wpc->config.num_channels < 20000) ++ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000) + wpc->block_samples *= 2; + } + diff --git a/media-sound/wavpack/wavpack-5.3.2.ebuild b/media-sound/wavpack/wavpack-5.3.2-r1.ebuild index 33880cc9703d..c34faa9eee4a 100644 --- a/media-sound/wavpack/wavpack-5.3.2.ebuild +++ b/media-sound/wavpack/wavpack-5.3.2-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2020 Gentoo Authors +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=7 @@ -23,6 +23,10 @@ DEPEND="${RDEPEND}" S="${WORKDIR}/WavPack-${COMMIT}" +PATCHES=( + "${FILESDIR}/${P}-fix-overflows.patch" +) + src_prepare() { default eautoreconf |