pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/audio/libaudiofile (attempt to) fix CVE-2008-5824 (buf...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/18789a007741
branches:  trunk
changeset: 553457:18789a007741
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Wed Jan 21 15:19:27 2009 +0000

description:
(attempt to) fix CVE-2008-5824 (buffer overflow in msadpcm.c),
see Debian bug #510205, just done correctly.
The IMA code might have similar problems. The code apparently can't
handle stereo files correctly anyway, so bail out if >1 channel
which should avoid the problem.
bump PKGREVISION

diffstat:

 audio/libaudiofile/Makefile         |   4 ++--
 audio/libaudiofile/distinfo         |   4 +++-
 audio/libaudiofile/patches/patch-ac |  24 ++++++++++++++++++++++++
 audio/libaudiofile/patches/patch-ad |  27 +++++++++++++++++++++++++++
 4 files changed, 56 insertions(+), 3 deletions(-)

diffs (87 lines):

diff -r 184c150fcddb -r 18789a007741 audio/libaudiofile/Makefile
--- a/audio/libaudiofile/Makefile       Wed Jan 21 14:19:14 2009 +0000
+++ b/audio/libaudiofile/Makefile       Wed Jan 21 15:19:27 2009 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.42 2008/05/25 14:45:16 tron Exp $
+# $NetBSD: Makefile,v 1.43 2009/01/21 15:19:27 drochner Exp $
 
 DISTNAME=              audiofile-0.2.6
 PKGNAME=               lib${DISTNAME}
-PKGREVISION=           1
+PKGREVISION=           2
 CATEGORIES=            audio
 MASTER_SITES=          http://www.68k.org/~michael/audiofile/ \
                        ${MASTER_SITE_GNOME:=sources/audiofile/0.2/}
diff -r 184c150fcddb -r 18789a007741 audio/libaudiofile/distinfo
--- a/audio/libaudiofile/distinfo       Wed Jan 21 14:19:14 2009 +0000
+++ b/audio/libaudiofile/distinfo       Wed Jan 21 15:19:27 2009 +0000
@@ -1,7 +1,9 @@
-$NetBSD: distinfo,v 1.11 2005/04/27 08:59:41 wiz Exp $
+$NetBSD: distinfo,v 1.12 2009/01/21 15:19:27 drochner Exp $
 
 SHA1 (audiofile-0.2.6.tar.gz) = 94a6ab8e5122bc1971cf186e5a52d032811c9bc5
 RMD160 (audiofile-0.2.6.tar.gz) = b61fbc856768a5838ca5c0fad602f35205e8d037
 Size (audiofile-0.2.6.tar.gz) = 374688 bytes
 SHA1 (patch-aa) = 7c498a63fe055f1f7e16f45f655341a9b6708f71
 SHA1 (patch-ab) = cd292a827aa18b9839305b2c62c3dbd526384430
+SHA1 (patch-ac) = 7f3f10988bb198a1d673147098fee89de3dbcde4
+SHA1 (patch-ad) = 0986c009c104c18c5a85c847c53213756cf0c8a5
diff -r 184c150fcddb -r 18789a007741 audio/libaudiofile/patches/patch-ac
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libaudiofile/patches/patch-ac       Wed Jan 21 15:19:27 2009 +0000
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.1 2009/01/21 15:19:27 drochner Exp $
+
+--- libaudiofile/modules/msadpcm.c.orig        2004-03-06 07:39:23.000000000 +0100
++++ libaudiofile/modules/msadpcm.c
+@@ -129,8 +129,7 @@ static int ms_adpcm_decode_block (ms_adp
+       ms_adpcm_state  *state[2];
+ 
+       /* Calculate the number of bytes needed for decoded data. */
+-      outputLength = msadpcm->samplesPerBlock * sizeof (int16_t) *
+-              msadpcm->track->f.channelCount;
++      outputLength = msadpcm->samplesPerBlock * sizeof (int16_t);
+ 
+       channelCount = msadpcm->track->f.channelCount;
+ 
+@@ -180,8 +179,7 @@ static int ms_adpcm_decode_block (ms_adp
+               The first two samples have already been 'decoded' in
+               the block header.
+       */
+-      samplesRemaining = (msadpcm->samplesPerBlock - 2) *
+-              msadpcm->track->f.channelCount;
++      samplesRemaining = msadpcm->samplesPerBlock - (2 * channelCount);
+ 
+       while (samplesRemaining > 0)
+       {
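Review bot: Nothing in the decoder enforces the assumption that both rewritten expressions (`outputLength` and `samplesRemaining`) now make, namely that `msadpcm->samplesPerBlock` already counts samples over all channels; that holds only because patch-ad scales the value in wave.c's ParseFormat. The visible lines also do not reject a block when the file-supplied `channelCount` exceeds the two entries of `state[2]`, or when `samplesPerBlock` is smaller than `2 * channelCount`, in which case the samples taken from the block header could already exceed `outputLength`. Such checks may exist elsewhere, since ms_adpcm_decode_block starts and ends outside the hunk. At minimum I would add `/* samplesPerBlock counts samples over all channels (scaled in wave.c ParseFormat) */` above the `outputLength` line and validate both values where the track is set up.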
diff -r 184c150fcddb -r 18789a007741 audio/libaudiofile/patches/patch-ad
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libaudiofile/patches/patch-ad       Wed Jan 21 15:19:27 2009 +0000
@@ -0,0 +1,27 @@
+$NetBSD: patch-ad,v 1.1 2009/01/21 15:19:27 drochner Exp $
+
+--- libaudiofile/wave.c.orig   2004-03-06 07:39:23.000000000 +0100
++++ libaudiofile/wave.c
+@@ -220,7 +220,8 @@ static status ParseFormat (AFfilehandle 
+                       extraByteCount = LENDIAN_TO_HOST_INT16(extraByteCount);
+ 
+                       af_fread(&samplesPerBlock, 1, 2, fp);
+-                      samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock);
++                      samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock)
++                              * track->f.channelCount;
+ 
+                       af_fread(&numCoefficients, 1, 2, fp);
+                       numCoefficients = LENDIAN_TO_HOST_INT16(numCoefficients);
+@@ -281,6 +282,12 @@ static status ParseFormat (AFfilehandle 
+                       u_int16_t       bitsPerSample, extraByteCount,
+                                       samplesPerBlock;
+ 
++                      if (track->f.channelCount != 1) {
++                              _af_error(AF_BAD_CHANNELS,
++                                      "WAVE file with IMA compression: "
++                                      "can only handle 1 channel");
++                      }
++
+                       af_fread(&bitsPerSample, 1, 2, fp);
+                       bitsPerSample = LENDIAN_TO_HOST_INT16(bitsPerSample);
+ 
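Review bot: The new IMA check in the second hunk reports the error but does not leave ParseFormat: after `_af_error(...)` control falls through to the `af_fread(&bitsPerSample, 1, 2, fp)` line, so unless `_af_error` never returns, files with more than one channel are still parsed and the "bail out" from the commit message does not happen. Adding `return AF_FAIL;` inside the `if` block after the `_af_error` call would close that, assuming ParseFormat uses the usual AF_FAIL status. In the first hunk the product `LENDIAN_TO_HOST_INT16(samplesPerBlock) * track->f.channelCount` is stored back into `samplesPerBlock`; if that variable is a `u_int16_t` as in the IMA branch (its declaration is outside the hunk), a large header value can wrap at 16 bits and leave the decode buffer undersized again, so the product should be range-checked or kept in a wider type. ParseFormat's body continues outside both hunks.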


