diff options
author | Marius Bakke <mbakke@fastmail.com> | 2018-02-23 13:07:51 +0100 |
---|---|---|
committer | Marius Bakke <mbakke@fastmail.com> | 2018-02-23 20:40:51 +0100 |
commit | 65f704f3735fa7c979f36629d402b9458cc96ad0 (patch) | |
tree | 1db7109c9b3e5d295ad9bfddd94ca10fcbaf3ec3 /gnu/packages/patches/wavpack-CVE-2018-7253.patch | |
parent | b5bb0e43919372f42ea0305c70da12255803a0d6 (diff) | |
download | guix-65f704f3735fa7c979f36629d402b9458cc96ad0.tar.gz |
gnu: wavpack: Fix CVE-2018-7253 and CVE-2018-7254.
* gnu/packages/patches/wavpack-CVE-2018-7253.patch, gnu/packages/patches/wavpack-CVE-2018-7254.patch: New files. * gnu/local.mk (dist_patch_DATA): Register them. * gnu/packages/audio.scm (wavpack)[source](patches): Use them.
Diffstat (limited to 'gnu/packages/patches/wavpack-CVE-2018-7253.patch')
-rw-r--r-- | gnu/packages/patches/wavpack-CVE-2018-7253.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7253.patch b/gnu/packages/patches/wavpack-CVE-2018-7253.patch new file mode 100644 index 0000000000..651755afd0 --- /dev/null +++ b/gnu/packages/patches/wavpack-CVE-2018-7253.patch @@ -0,0 +1,29 @@ +Fix CVE-2018-7253: +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253 + +Copied from upstream: +https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec + +diff --git a/cli/dsdiff.c b/cli/dsdiff.c +index 410dc1c..c016df9 100644 +--- a/cli/dsdiff.c ++++ b/cli/dsdiff.c +@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa + error_line ("dsdiff file version = 0x%08x", version); + } + else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) { +- char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); ++ char *prop_chunk; ++ ++ if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { ++ error_line ("%s is not a valid .DFF file!", infilename); ++ return WAVPACK_SOFT_ERROR; ++ } ++ ++ if (debug_logging_mode) ++ error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize); ++ ++ prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); + + if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || + bcount != dff_chunk_header.ckDataSize) { |