Annotation of /trunk/audiofile/patches/audiofile-0.3.6-CVE-2015-7747.patch
Revision 3077 -
Mon Jan 22 12:38:50 2018 UTC (6 years, 8 months ago) by niro
File size: 4300 byte(s)
-added several security and build fixes
1 | niro | 3077 | Description: fix buffer overflow when changing both sample format and |
2 | number of channels | ||
3 | Origin: https://github.com/mpruett/audiofile/pull/25 | ||
4 | Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721 | ||
5 | Bug-Debian: https://bugs.debian.org/801102 | ||
6 | |||
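--- a/libaudiofile/modules/ModuleState.cpp
+++ b/libaudiofile/modules/ModuleState.cpp
@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
 addModule(new Transform(outfc, in.pcm, out.pcm));
 
 if (in.channelCount != out.channelCount)
- addModule(new ApplyChannelMatrix(infc, isReading,
+ addModule(new ApplyChannelMatrix(outfc, isReading,
 in.channelCount, out.channelCount,
 in.pcm.minClip, in.pcm.maxClip,
 track->channelMatrix));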
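Review bot: The clip bounds on the continuation lines are still `in.pcm.minClip, in.pcm.maxClip`, although the ApplyChannelMatrix module is now told its samples are in `outfc`. If the `Transform(outfc, in.pcm, out.pcm)` in the context above has already remapped the samples, the input-side range may no longer describe them, so it is worth confirming which PCM mapping applies at this point. Either way, a comment above the call would keep the invariant from regressing, for example `// Samples have already been converted to outfc here; passing infc caused the buffer overflow fixed as CVE-2015-7747.` The body of ModuleState::arrange starts and ends outside this hunk, so the order of the conversions is inferred from the context lines only.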
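--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -26,6 +26,7 @@ TESTS = \
 VirtualFile \
 floatto24 \
 query2 \
+ sixteen-stereo-to-eight-mono \
 sixteen-to-eight \
 testchannelmatrix \
 testdouble \
@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
 printmarkers_LDADD = $(LIBAUDIOFILE) -lm
 
 sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
+sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
 
 testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
 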
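--- /dev/null
+++ b/test/sixteen-stereo-to-eight-mono.c
@@ -0,0 +1,118 @@
+/*
+ Audio File Library
+
+ Copyright 2000, Silicon Graphics, Inc.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+/*
+ sixteen-stereo-to-eight-mono.c
+
+ This program tests the conversion from 2-channel 16-bit integers to
+ 1-channel 8-bit integers.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include <audiofile.h>
+
+#include "TestUtilities.h"
+
+int main (int argc, char **argv)
+{
+ AFfilehandle file;
+ AFfilesetup setup;
+ int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
+ int8_t frames8[] = {28, 6, -2};
+ int i, frameCount = 3;
+ int8_t byte;
+ AFframecount result;
+
+ setup = afNewFileSetup();
+
+ afInitFileFormat(setup, AF_FILE_WAVE);
+
+ afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
+ afInitChannels(setup, AF_DEFAULT_TRACK, 2);
+
+ char *testFileName;
+ if (!createTemporaryFile("sixteen-to-eight", &testFileName))
+ {
+ fprintf(stderr, "Could not create temporary file.\n");
+ exit(EXIT_FAILURE);
+ }
+
+ file = afOpenFile(testFileName, "w", setup);
+ if (file == AF_NULL_FILEHANDLE)
+ {
+ fprintf(stderr, "could not open file for writing\n");
+ exit(EXIT_FAILURE);
+ }
+
+ afFreeFileSetup(setup);
+
+ afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
+
+ afCloseFile(file);
+
+ file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
+ if (file == AF_NULL_FILEHANDLE)
+ {
+ fprintf(stderr, "could not open file for reading\n");
+ exit(EXIT_FAILURE);
+ }
+
+ afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
+ afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
+
+ for (i=0; i<frameCount; i++)
+ {
+ /* Read one frame. */
+ result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
+
+ if (result != 1)
+ break;
+
+ /* Compare the byte read with its precalculated value. */
+ if (memcmp(&byte, &frames8[i], 1) != 0)
+ {
+ printf("error\n");
+ printf("expected %d, got %d\n", frames8[i], byte);
+ exit(EXIT_FAILURE);
+ }
+ else
+ {
+#ifdef DEBUG
+ printf("got what was expected: %d\n", byte);
+#endif
+ }
+ }
+
+ afCloseFile(file);
+ unlink(testFileName);
+ free(testFileName);
+
+ exit(EXIT_SUCCESS);
+}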
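Review bot: In the read loop, `if (result != 1) break;` leaves the loop on a short or failed afReadFrames and the program then reaches `exit(EXIT_SUCCESS)`, so this regression test passes even when nothing was read back. It should fail instead: `if (result != 1) { fprintf(stderr, "afReadFrames returned %lld at frame %d\n", (long long) result, i); exit(EXIT_FAILURE); }`. The return value of `afWriteFrames` is likewise unchecked, and the temporary file still uses the `"sixteen-to-eight"` prefix of the older test. Because the defect being guarded is a memory overflow, the value comparison alone may not catch a regression; running this test under a memory checker in CI gives the stronger signal.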