packages/wavpack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add CVE patch

Browse Source
This commit is contained in:
xiangshuaizhx 2020-03-16 18:25:35 +08:00
parent 48e5c8dcfa
commit 4ca8d81957
3 changed files with 75 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CVE-2018-19841.patch Normal file
View File

@ -0,0 +1,29 @@
From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Thu, 29 Nov 2018 21:53:51 -0800
Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
---
src/open_utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/open_utils.c b/src/open_utils.c
index 80051fc..4fe0d67 100644
--- a/src/open_utils.c
+++ b/src/open_utils.c
@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
#endif
if (meta_bc == 4) {
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
return FALSE;
}
else {
csum ^= csum >> 16;
- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
+ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
return FALSE;
}

36
wavpack-CVE-2019-11498.patch Normal file
View File

@ -0,0 +1,36 @@
From bc6cba3f552c44565f7f1e66dc1580189addb2b4 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 5 Mar 2019 21:32:27 -0800
Subject: [PATCH] issue #67: make sure sample rate is specified and non-zero in
DFF files
---
cli/dsdiff.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index f357181..193adee 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -171,7 +171,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
if (!strncmp (prop_chunk, "SND ", 4)) {
char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
uint16_t numChannels, chansSpecified, chanMask = 0;
- uint32_t sampleRate;
+ uint32_t sampleRate = 0;
while (eptr - cptr >= sizeof (dff_chunk_header)) {
memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
@@ -263,6 +263,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
free (prop_chunk);
}
else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
+
+ if (!config->num_channels || !config->sample_rate) {
+ error_line ("%s is not a valid .DFF file!", infilename);
+ return WAVPACK_SOFT_ERROR;
+ }
+
total_samples = dff_chunk_header.ckDataSize / config->num_channels;
break;
}

13
wavpack.spec
View File

@ -1,6 +1,6 @@
Name: wavpack
Version: 5.1.0
Release: 10
Release: 11
Summary: Hybrid Lossless Wavefile Compressor
License: BSD
Url: http://www.wavpack.com/
@ -10,7 +10,10 @@ Patch0001: wavpack-0002-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fi
Patch0002: wavpack-0003-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch
Patch0003: wavpack-0004-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch
Patch0004: wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch
# fix potential out-of-bounds heapo read
Patch0005: wavpack-CVE-2019-11498.patch
# make sure sample rate is specified and non-zero in DFF files
Patch0006: CVE-2018-19841.patch
Patch6000: CVE-2018-19840.patch
BuildRequires: autoconf automake libtool
@ -37,7 +40,7 @@ Buildarch: noarch
Help document for the wavpack package.
%prep
%autosetup -p1
%autosetup -n %{name}-%{version} -p1
%build
autoreconf -ivf
@ -69,5 +72,9 @@ autoreconf -ivf
%{_mandir}/man1/*.1*
%changelog
* Sat Mar 14 2020 wangzhishun <wangzhishun1@huawei.com> - 5.1.0-11
- Make sure sample rate is specified and non-zero in DFF files
- Fix potential out-of-bounds heap read
* Fri Oct 25 2019 Lijin Yang <yanglijin@huawei.com> - 5.1.0-10
- Package init