[sox/f21] patch missing size checks, https://bugzilla.redhat.com/show_bug.cgi?id=1174792

Frantisek Kluknavsky fkluknav at fedoraproject.org
Fri Feb 13 17:13:54 UTC 2015 

commit 13bb63af2b4557a0e350ae4b64c4f934ef19d537
Author: Frantisek Kluknavsky <fkluknav at redhat.com>
Date:   Fri Feb 13 18:13:43 2015 +0100

    patch missing size checks, https://bugzilla.redhat.com/show_bug.cgi?id=1174792

 0001-Check-for-minimum-size-sphere-headers.patch   |   28 ++++++++++++++++++++
 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch |   28 ++++++++++++++++++++
 sox.spec                                           |    7 ++++-
 3 files changed, 62 insertions(+), 1 deletions(-)
---
diff --git a/0001-Check-for-minimum-size-sphere-headers.patch b/0001-Check-for-minimum-size-sphere-headers.patch
new file mode 100644
index 0000000..f01fec3
--- /dev/null
+++ b/0001-Check-for-minimum-size-sphere-headers.patch
@@ -0,0 +1,28 @@
+From 55e33019afcb3256cccedf606548b86816f6da59 Mon Sep 17 00:00:00 2001
+From: Chris Bagwell <chris at cnpbagwell.com>
+Date: Sat, 13 Dec 2014 12:48:37 -0600
+Subject: [PATCH 1/2] Check for minimum size sphere headers
+
+---
+ src/sphere.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/sphere.c b/src/sphere.c
+index 479a552..a3fd1c6 100644
+--- a/src/sphere.c
++++ b/src/sphere.c
+@@ -47,6 +47,11 @@ static int start_read(sox_format_t * ft)
+ 
+   /* Determine header size, and allocate a buffer large enough to hold it. */
+   sscanf(fldsval, "%lu", &header_size_ul);
++  if (header_size_ul < 16) {
++    lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header");
++    return (SOX_EOF);
++  }
++
+   buf = lsx_malloc(header_size = header_size_ul);
+ 
+   /* Skip what we have read so far */
+-- 
+2.1.0
+
diff --git a/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch b/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
new file mode 100644
index 0000000..72c2d76
--- /dev/null
+++ b/0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
@@ -0,0 +1,28 @@
+From ebb64cddde59ecc9cedf3741ce2337c72148cc0c Mon Sep 17 00:00:00 2001
+From: Chris Bagwell <chris at cnpbagwell.com>
+Date: Sat, 13 Dec 2014 12:49:55 -0600
+Subject: [PATCH 2/2] More checks for invalid MS ADPCM blocks.
+
+If block doesn't exacty match blockAlign then do not allow
+number of samples in invalid size block to ever be more than
+what WAV header defined as samplesPerBlock.
+---
+ src/wav.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav.c b/src/wav.c
+index 61d5908..5202556 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -168,7 +168,7 @@ static unsigned short  AdpcmReadBlock(sox_format_t * ft)
+         /* work with partial blocks.  Specs say it should be null */
+         /* padded but I guess this is better than trailing quiet. */
+         samplesThisBlock = lsx_ms_adpcm_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t)0);
+-        if (samplesThisBlock == 0)
++        if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock)
+         {
+             lsx_warn("Premature EOF on .wav input file");
+             return 0;
+-- 
+2.1.0
+
diff --git a/sox.spec b/sox.spec
index f3dbf25..3ec91ef 100644
--- a/sox.spec
+++ b/sox.spec
@@ -1,7 +1,7 @@
 Summary: A general purpose sound file conversion tool
 Name: sox
 Version: 14.4.1
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: GPLv2+ and LGPLv2+ and MIT
 Group: Applications/Multimedia
 #Modified source tarball with libgsm license, without unlicensed liblpc10
@@ -10,6 +10,8 @@ Source: %{name}/%{name}-%{version}.modified.tar.gz
 URL: http://sox.sourceforge.net/
 Patch0: sox-mcompand_clipping.patch
 Patch1: sox-14.4.1-lpc10.patch
+Patch2: 0001-Check-for-minimum-size-sphere-headers.patch
+Patch3: 0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
 BuildRequires: libvorbis-devel
 BuildRequires: alsa-lib-devel, libtool-ltdl-devel, libsamplerate-devel
 BuildRequires: gsm-devel, wavpack-devel, ladspa-devel, libpng-devel
@@ -75,6 +77,9 @@ rm -f $RPM_BUILD_ROOT/%{_libdir}/sox/*.a
 
 
 %changelog
+* Fri Feb 13 2015 Frantisek Kluknavsky <fkluknav at redhat.com> - 14.4.1-7
+- patch missing size checks, https://bugzilla.redhat.com/show_bug.cgi?id=1174792
+
 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 14.4.1-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

More information about the scm-commits mailing list