summary refs log tree commit diff
path: root/gnu/packages/patches/wavpack-CVE-2018-7253.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/wavpack-CVE-2018-7253.patch')
-rw-r--r--gnu/packages/patches/wavpack-CVE-2018-7253.patch29
1 files changed, 0 insertions, 29 deletions
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7253.patch b/gnu/packages/patches/wavpack-CVE-2018-7253.patch
deleted file mode 100644
index 651755afd0..0000000000
--- a/gnu/packages/patches/wavpack-CVE-2018-7253.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Fix CVE-2018-7253:
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253
-
-Copied from upstream:
-https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
-
-diff --git a/cli/dsdiff.c b/cli/dsdiff.c
-index 410dc1c..c016df9 100644
---- a/cli/dsdiff.c
-+++ b/cli/dsdiff.c
-@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
-                 error_line ("dsdiff file version = 0x%08x", version);
-         }
-         else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
--            char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
-+            char *prop_chunk;
-+
-+            if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
-+                error_line ("%s is not a valid .DFF file!", infilename);
-+                return WAVPACK_SOFT_ERROR;
-+            }
-+
-+            if (debug_logging_mode)
-+                error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
-+
-+            prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
- 
-             if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
-                 bcount != dff_chunk_header.ckDataSize) {
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-11-29 04:40:07 +0000