packages/wavpack
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!13 fix CVE-2020-35738

Browse Source 
From: @wangxiao65
Reviewed-by: @zhanghua1831,@small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-03-04 14:06:35 +08:00 committed by Gitee
commit 9c55f1175d
2 changed files with 57 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
CVE-2020-35738.patch Normal file
View File

@ -0,0 +1,52 @@
From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 29 Dec 2020 20:47:19 -0800
Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns
and sanitize a few more encoding parameters for clarity
---
src/pack_utils.c | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/pack_utils.c b/src/pack_utils.c
index 17d9381..480ab90 100644
--- a/src/pack_utils.c
+++ b/src/pack_utils.c
@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
return FALSE;
}
- if (!num_chans) {
- strcpy (wpc->error_message, "channel count cannot be zero!");
+ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
+ strcpy (wpc->error_message, "invalid channel count!");
+ return FALSE;
+ }
+
+ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
+ strcpy (wpc->error_message, "invalid custom block samples!");
return FALSE;
}
@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
if (wpc->config.num_channels == 1)
wpc->block_samples *= 2;
- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000)
+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000)
wpc->block_samples /= 2;
}
else {
@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
wpc->block_samples = wpc->config.sample_rate / divisor;
- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000)
+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000)
wpc->block_samples /= 2;
- while (wpc->block_samples * wpc->config.num_channels < 20000)
+ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)
wpc->block_samples *= 2;
}

6
wavpack.spec
View File

@ -1,10 +1,11 @@
Name: wavpack
Version: 5.3.0
Release: 1
Release: 2
Summary: Hybrid Lossless Wavefile Compressor
License: BSD
Url: http://www.wavpack.com/
Source: https://github.com/dbry/WavPack/releases/download/%{version}/%{name}-%{version}.tar.xz
Patch0000: CVE-2020-35738.patch
BuildRequires: autoconf automake libtool
@ -65,6 +66,9 @@ autoreconf -ivf
%{_mandir}/man1/*.1*
%changelog
* Thu Mar 4 2021 wangxiao <wangxiao65@huawei.com> - 5.3.0-2
- Fix CVE-2020-35738
* Sat Nov 28 2020 lingsheng <lingsheng@huawei.com> - 5.3.0-1
- Update to 5.3.0
- Fix OSS-Fuzz issue 19925 19928 20060 20448