summary refs log tree commit diff
path: root/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/soundtouch-CVE-2018-1000223.patch')
-rw-r--r--gnu/packages/patches/soundtouch-CVE-2018-1000223.patch143
1 files changed, 0 insertions, 143 deletions
diff --git a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch b/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
deleted file mode 100644
index 961a183565..0000000000
--- a/gnu/packages/patches/soundtouch-CVE-2018-1000223.patch
+++ /dev/null
@@ -1,143 +0,0 @@
-Fix CVE-2018-1000223:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000223
-https://gitlab.com/soundtouch/soundtouch/issues/6
-
-Patches copied from upstream source repository:
-
-https://gitlab.com/soundtouch/soundtouch/commit/9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e
-https://gitlab.com/soundtouch/soundtouch/commit/e0240689056e4182fffdc2a16aa6e3425a15e275
-https://gitlab.com/soundtouch/soundtouch/commit/46531e5b92dd80dd9a7947463d6224fc7cb21967
-
-From 9e02d9b04fda6c1f44336ff00bb5af1e2ffc039e Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Sun, 12 Aug 2018 20:24:37 +0300
-Subject: [PATCH] Added minimum size check for WAV header block lengh values
-
----
- source/SoundStretch/WavFile.cpp | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 7e7ade2..68818c9 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -530,7 +530,11 @@ int WavInFile::readHeaderBlock()
-         // read length of the format field

-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;

-         // swap byte order if necessary

--        _swap32(nLen); // int format_len;

-+        _swap32(nLen);

-+

-+        // verify that header length isn't smaller than expected

-+        if (nLen < sizeof(header.format) - 8) return -1;

-+

-         header.format.format_len = nLen;

- 

-         // calculate how much length differs from expected

-@@ -572,6 +576,10 @@ int WavInFile::readHeaderBlock()
-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;

-         // swap byte order if necessary

-         _swap32(nLen); // int fact_len;

-+

-+        // verify that fact length isn't smaller than expected

-+        if (nLen < sizeof(header.fact) - 8) return -1;

-+

-         header.fact.fact_len = nLen;

- 

-         // calculate how much length differs from expected

--- 
-2.18.0
-
-From e0240689056e4182fffdc2a16aa6e3425a15e275 Mon Sep 17 00:00:00 2001
-From: oparviainen <oparviai@iki.fi>
-Date: Mon, 13 Aug 2018 19:16:16 +0300
-Subject: [PATCH] Fixed WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 22 +++++++++++-----------
- 1 file changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 4af7a4c..3421bca 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -518,13 +518,13 @@ int WavInFile::readHeaderBlock()
-         // swap byte order if necessary

-         _swap32(nLen);

- 

--        // verify that header length isn't smaller than expected

--        if (nLen < sizeof(header.format) - 8) return -1;

-+        // calculate how much length differs from expected 

-+        nDump = nLen - ((int)sizeof(header.format) - 8);

- 

--        header.format.format_len = nLen;

-+        // verify that header length isn't smaller than expected structure

-+        if (nDump < 0) return -1;

- 

--        // calculate how much length differs from expected

--        nDump = nLen - ((int)sizeof(header.format) - 8);

-+        header.format.format_len = nLen;

- 

-         // if format_len is larger than expected, read only as much data as we've space for

-         if (nDump > 0)

-@@ -561,16 +561,16 @@ int WavInFile::readHeaderBlock()
-         // read length of the fact field

-         if (fread(&nLen, sizeof(int), 1, fptr) != 1) return -1;

-         // swap byte order if necessary

--        _swap32(nLen); // int fact_len;

--

--        // verify that fact length isn't smaller than expected

--        if (nLen < sizeof(header.fact) - 8) return -1;

--

--        header.fact.fact_len = nLen;

-+        _swap32(nLen);

- 

-         // calculate how much length differs from expected

-         nDump = nLen - ((int)sizeof(header.fact) - 8);

- 

-+        // verify that fact length isn't smaller than expected structure

-+        if (nDump < 0) return -1;

-+

-+        header.fact.fact_len = nLen;

-+

-         // if format_len is larger than expected, read only as much data as we've space for

-         if (nDump > 0)

-         {

--- 
-2.18.0
-
-From 46531e5b92dd80dd9a7947463d6224fc7cb21967 Mon Sep 17 00:00:00 2001
-From: olli <oparviai@iki.fi>
-Date: Mon, 13 Aug 2018 19:42:58 +0300
-Subject: [PATCH] Improved WavFile header/fact not-too-small check
-
----
- source/SoundStretch/WavFile.cpp | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
-index 3421bca..9d90b8a 100644
---- a/source/SoundStretch/WavFile.cpp
-+++ b/source/SoundStretch/WavFile.cpp
-@@ -522,7 +522,7 @@ int WavInFile::readHeaderBlock()
-         nDump = nLen - ((int)sizeof(header.format) - 8);

- 

-         // verify that header length isn't smaller than expected structure

--        if (nDump < 0) return -1;

-+        if ((nLen < 0) || (nDump < 0)) return -1;

- 

-         header.format.format_len = nLen;

- 

-@@ -567,7 +567,7 @@ int WavInFile::readHeaderBlock()
-         nDump = nLen - ((int)sizeof(header.fact) - 8);

- 

-         // verify that fact length isn't smaller than expected structure

--        if (nDump < 0) return -1;

-+        if ((nLen < 0) || (nDump < 0)) return -1;

- 

-         header.fact.fact_len = nLen;

- 

--- 
-2.18.0
-