1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
From 6f3266277bed16525f0ac2f0f03ff4626f1923e5 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Thu, 8 Mar 2018 18:00:21 +1100
Subject: [PATCH] Fix max channel count bug
The code was allowing files to be written with a channel count of exactly
`SF_MAX_CHANNELS` but was failing to read some file formats with the same
channel count.
Upstream-Status: Backport [https://github.com/erikd/libsndfile/
commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5]
CVE: CVE-2018-19432
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
src/aiff.c | 6 +++---
src/rf64.c | 4 ++--
src/w64.c | 4 ++--
src/wav.c | 4 ++--
4 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/aiff.c b/src/aiff.c
index fbd43cb..6386bce 100644
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 2005 David Viens <davidv@plogue.com>
**
** This program is free software; you can redistribute it and/or modify
@@ -950,7 +950,7 @@ aiff_read_header (SF_PRIVATE *psf, COMM_
if (psf->sf.channels < 1)
return SFE_CHANNEL_COUNT_ZERO ;
- if (psf->sf.channels >= SF_MAX_CHANNELS)
+ if (psf->sf.channels > SF_MAX_CHANNELS)
return SFE_CHANNEL_COUNT ;
if (! (found_chunk & HAVE_FORM))
@@ -1030,7 +1030,7 @@ aiff_read_comm_chunk (SF_PRIVATE *psf, C
psf_log_printf (psf, " Sample Rate : %d\n", samplerate) ;
psf_log_printf (psf, " Frames : %u%s\n", comm_fmt->numSampleFrames, (comm_fmt->numSampleFrames == 0 && psf->filelength > 104) ? " (Should not be 0)" : "") ;
- if (comm_fmt->numChannels < 1 || comm_fmt->numChannels >= SF_MAX_CHANNELS)
+ if (comm_fmt->numChannels < 1 || comm_fmt->numChannels > SF_MAX_CHANNELS)
{ psf_log_printf (psf, " Channels : %d (should be >= 1 and < %d)\n", comm_fmt->numChannels, SF_MAX_CHANNELS) ;
return SFE_CHANNEL_COUNT_BAD ;
} ;
diff --git a/src/rf64.c b/src/rf64.c
index d57f0f3..876cd45 100644
--- a/src/rf64.c
+++ b/src/rf64.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 2008-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 2008-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 2009 Uli Franke <cls@nebadje.org>
**
** This program is free software; you can redistribute it and/or modify
@@ -382,7 +382,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
if (psf->sf.channels < 1)
return SFE_CHANNEL_COUNT_ZERO ;
- if (psf->sf.channels >= SF_MAX_CHANNELS)
+ if (psf->sf.channels > SF_MAX_CHANNELS)
return SFE_CHANNEL_COUNT ;
/* WAVs can be little or big endian */
diff --git a/src/w64.c b/src/w64.c
index 939b716..a37d2c5 100644
--- a/src/w64.c
+++ b/src/w64.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
**
** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU Lesser General Public License as published by
@@ -383,7 +383,7 @@ w64_read_header (SF_PRIVATE *psf, int *b
if (psf->sf.channels < 1)
return SFE_CHANNEL_COUNT_ZERO ;
- if (psf->sf.channels >= SF_MAX_CHANNELS)
+ if (psf->sf.channels > SF_MAX_CHANNELS)
return SFE_CHANNEL_COUNT ;
psf->endian = SF_ENDIAN_LITTLE ; /* All W64 files are little endian. */
diff --git a/src/wav.c b/src/wav.c
index 7bd97bc..dc97545 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
**
** This program is free software; you can redistribute it and/or modify
@@ -627,7 +627,7 @@ wav_read_header (SF_PRIVATE *psf, int *b
if (psf->sf.channels < 1)
return SFE_CHANNEL_COUNT_ZERO ;
- if (psf->sf.channels >= SF_MAX_CHANNELS)
+ if (psf->sf.channels > SF_MAX_CHANNELS)
return SFE_CHANNEL_COUNT ;
if (format != WAVE_FORMAT_PCM && (parsestage & HAVE_fact) == 0)
--
1.7.9.5
|
