path: root/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
Fix CVE-2018-14044 and CVE-2018-14045:

https://gitlab.com/soundtouch/soundtouch/issues/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045

Patch copied from upstream source repository:

https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260

From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001
From: oparviainen <oparviai@iki.fi>
Date: Sun, 12 Aug 2018 20:00:56 +0300
Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time
 exception

---
 include/FIFOSamplePipe.h               | 12 ++++++++++++
 include/STTypes.h                      |  3 +++
 source/SoundTouch/FIFOSampleBuffer.cpp |  3 ++-
 source/SoundTouch/RateTransposer.cpp   |  5 ++---
 source/SoundTouch/SoundTouch.cpp       |  8 ++------
 source/SoundTouch/TDStretch.cpp        |  5 ++---
 6 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h
index 4ec9275..b08f836 100644
--- a/include/FIFOSamplePipe.h
+++ b/include/FIFOSamplePipe.h
@@ -51,6 +51,18 @@ namespace soundtouch
 /// Abstract base class for FIFO (first-in-first-out) sample processing classes.
 class FIFOSamplePipe
 {
+protected:
+
+    bool verifyNumberOfChannels(int nChannels) const
+    {
+        if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))
+        {
+            return true;
+        }
+        ST_THROW_RT_ERROR("Error: Illegal number of channels");
+        return false;
+    }
+
 public:
     // virtual default destructor
     virtual ~FIFOSamplePipe() {}
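Review bot: `verifyNumberOfChannels` carries no comment on its failure contract. The `return false` after `ST_THROW_RT_ERROR` only matters if that macro does not throw in some build configuration (its definition is not visible in this patch). In that case every caller added by this commit, the `setChannels` hunks in FIFOSampleBuffer.cpp, RateTransposer.cpp, SoundTouch.cpp and TDStretch.cpp, returns silently and keeps the previous channel count. I would add a doc comment such as `/// Returns true if nChannels is in 1..SOUNDTOUCH_MAX_CHANNELS; otherwise raises ST_THROW_RT_ERROR, and if that does not throw, returns false and the caller must leave its state unchanged.` The helper reads no member state, so it could also be declared `static`.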
diff --git a/include/STTypes.h b/include/STTypes.h
index 03e7e07..862505e 100644
--- a/include/STTypes.h
+++ b/include/STTypes.h
@@ -56,6 +56,9 @@ typedef unsigned long   ulong;
 
 namespace soundtouch
 {
+    /// Max allowed number of channels
+    #define SOUNDTOUCH_MAX_CHANNELS     16
+
     /// Activate these undef's to overrule the possible sampletype 
     /// setting inherited from some other header file:
     //#undef SOUNDTOUCH_INTEGER_SAMPLES
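Review bot: `SOUNDTOUCH_MAX_CHANNELS` is a preprocessor macro, so writing it inside `namespace soundtouch` does not scope it; every file that includes this header sees the bare name. The comment could also say what the limit is for, e.g. `/// Upper bound accepted by the setChannels() functions; counts outside 1..SOUNDTOUCH_MAX_CHANNELS are rejected`. If no `#if` elsewhere needs the value (not visible from this hunk), a typed constant such as `static const int SOUNDTOUCH_MAX_CHANNELS = 16;` would respect the namespace.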
diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp
index f0d5e42..706e869 100644
--- a/source/SoundTouch/FIFOSampleBuffer.cpp
+++ b/source/SoundTouch/FIFOSampleBuffer.cpp
@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels)
 {
     uint usedBytes;
 
-    assert(numChannels > 0);
+    if (!verifyNumberOfChannels(numChannels)) return;
+
     usedBytes = channels * samplesInBuffer;
     channels = (uint)numChannels;
     samplesInBuffer = usedBytes / channels;
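Review bot: Nothing in `FIFOSampleBuffer::setChannels` says why the new check has to come first. `samplesInBuffer = usedBytes / channels` divides by the new channel count, so a zero that gets past the guard is a division by zero. A comment such as `// reject zero/negative/oversized counts before they become the divisor below` would keep a later refactor from moving or dropping the guard. `usedBytes` is also misnamed, since it holds `channels * samplesInBuffer`, a count of sample values rather than bytes. The function body continues outside the hunk.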
diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp
index 8b66be3..d115a4c 100644
--- a/source/SoundTouch/RateTransposer.cpp
+++ b/source/SoundTouch/RateTransposer.cpp
@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples)
 // Sets the number of channels, 1 = mono, 2 = stereo
 void RateTransposer::setChannels(int nChannels)
 {
-    assert(nChannels > 0);
+    if (!verifyNumberOfChannels(nChannels) ||
+        (pTransposer->numChannels == nChannels)) return;
 
-    if (pTransposer->numChannels == nChannels) return;
     pTransposer->setChannels(nChannels);
-
     inputBuffer.setChannels(nChannels);
     midBuffer.setChannels(nChannels);
     outputBuffer.setChannels(nChannels);
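Review bot: The comment above `RateTransposer::setChannels` still reads `1 = mono, 2 = stereo`, but the new check accepts any count from 1 to `SOUNDTOUCH_MAX_CHANNELS`. The same stale comment sits above `SoundTouch::setChannels` and `TDStretch::setChannels` in the later hunks. I would change it to `// Sets the number of channels (1..SOUNDTOUCH_MAX_CHANNELS); an out-of-range value raises a run-time error and leaves the current setting unchanged`. Folding the validity check and the "no change" shortcut into one `||` condition, here and in TDStretch.cpp, also hides that they are different cases, and two separate `if` statements would read more clearly. The function body continues outside the hunk.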
diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp
index 7b6756b..06bdd56 100644
--- a/source/SoundTouch/SoundTouch.cpp
+++ b/source/SoundTouch/SoundTouch.cpp
@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId()
 // Sets the number of channels, 1 = mono, 2 = stereo
 void SoundTouch::setChannels(uint numChannels)
 {
-    /*if (numChannels != 1 && numChannels != 2) 
-    {
-        //ST_THROW_RT_ERROR("Illegal number of channels");
-        return;
-    }*/
+    if (!verifyNumberOfChannels(numChannels)) return;
+
     channels = numChannels;
     pRateTransposer->setChannels((int)numChannels);
     pTDStretch->setChannels((int)numChannels);
 }
 
 
-
 // Sets new rate control value. Normal rate = 1.0, smaller values
 // represent slower rate, larger faster rates.
 void SoundTouch::setRate(double newRate)
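Review bot: `verifyNumberOfChannels(numChannels)` passes a `uint` to a helper declared with `int nChannels`, so the range check runs on an implicitly converted value. Values above `INT_MAX` are rejected only because the conversion produces a negative number on common platforms, which then fails the `> 0` test. Making the conversion explicit, `if (!verifyNumberOfChannels((int)numChannels)) return;`, with a short comment that oversized values wrap negative and are rejected, would match the `(int)numChannels` casts two lines below and avoid sign-conversion warnings.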
diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp
index 149cdb9..be2dc88 100644
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo)
 // Sets the number of channels, 1 = mono, 2 = stereo
 void TDStretch::setChannels(int numChannels)
 {
-    assert(numChannels > 0);
-    if (channels == numChannels) return;
-//    assert(numChannels == 1 || numChannels == 2);
+    if (!verifyNumberOfChannels(numChannels) ||
+        (channels == numChannels)) return;
 
     channels = numChannels;
     inputBuffer.setChannels(channels);
-- 
2.18.0