audiofile/patches/audiofile-0.3.6-CVE-2015-7747.patch

Description: fix buffer overflow when changing both sample format and
 number of channels
Origin: https://github.com/mpruett/audiofile/pull/25
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
Bug-Debian: https://bugs.debian.org/801102

--- a/libaudiofile/modules/ModuleState.cpp
+++ b/libaudiofile/modules/ModuleState.cpp
@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
 		addModule(new Transform(outfc, in.pcm, out.pcm));
 
 	if (in.channelCount != out.channelCount)
-		addModule(new ApplyChannelMatrix(infc, isReading,
+		addModule(new ApplyChannelMatrix(outfc, isReading,
 			in.channelCount, out.channelCount,
 			in.pcm.minClip, in.pcm.maxClip,
 			track->channelMatrix));
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -26,6 +26,7 @@ TESTS = \
 	VirtualFile \
 	floatto24 \
 	query2 \
+	sixteen-stereo-to-eight-mono \
 	sixteen-to-eight \
 	testchannelmatrix \
 	testdouble \
@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
 printmarkers_LDADD = $(LIBAUDIOFILE) -lm
 
 sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
+sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
 
 testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
 
--- /dev/null
+++ b/test/sixteen-stereo-to-eight-mono.c
@@ -0,0 +1,118 @@
+/*
+	Audio File Library
+
+	Copyright 2000, Silicon Graphics, Inc.
+
+	This program is free software; you can redistribute it and/or modify
+	it under the terms of the GNU General Public License as published by
+	the Free Software Foundation; either version 2 of the License, or
+	(at your option) any later version.
+
+	This program is distributed in the hope that it will be useful,
+	but WITHOUT ANY WARRANTY; without even the implied warranty of
+	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+	GNU General Public License for more details.
+
+	You should have received a copy of the GNU General Public License along
+	with this program; if not, write to the Free Software Foundation, Inc.,
+	51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+*/
+
+/*
+	sixteen-stereo-to-eight-mono.c
+
+	This program tests the conversion from 2-channel 16-bit integers to
+	1-channel 8-bit	integers.
+*/
+
+#ifdef HAVE_CONFIG_H
+#include <config.h>
+#endif
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include <audiofile.h>
+
+#include "TestUtilities.h"
+
+int main (int argc, char **argv)
+{
+	AFfilehandle file;
+	AFfilesetup setup;
+	int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
+	int8_t frames8[] = {28, 6, -2};
+	int i, frameCount = 3;
+	int8_t byte;
+	AFframecount result;
+
+	setup = afNewFileSetup();
+
+	afInitFileFormat(setup, AF_FILE_WAVE);
+
+	afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
+	afInitChannels(setup, AF_DEFAULT_TRACK, 2);
+
+	char *testFileName;
+	if (!createTemporaryFile("sixteen-to-eight", &testFileName))
+	{
+		fprintf(stderr, "Could not create temporary file.\n");
+		exit(EXIT_FAILURE);
+	}
+
+	file = afOpenFile(testFileName, "w", setup);
+	if (file == AF_NULL_FILEHANDLE)
+	{
+		fprintf(stderr, "could not open file for writing\n");
+		exit(EXIT_FAILURE);
+	}
+
+	afFreeFileSetup(setup);
+
+	afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
+
+	afCloseFile(file);
+
+	file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
+	if (file == AF_NULL_FILEHANDLE)
+	{
+		fprintf(stderr, "could not open file for reading\n");
+		exit(EXIT_FAILURE);
+	}
+
+	afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
+	afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
+
+	for (i=0; i<frameCount; i++)
+	{
+		/* Read one frame. */
+		result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
+
+		if (result != 1)
+			break;
+
+		/* Compare the byte read with its precalculated value. */
+		if (memcmp(&byte, &frames8[i], 1) != 0)
+		{
+			printf("error\n");
+			printf("expected %d, got %d\n", frames8[i], byte);
+			exit(EXIT_FAILURE);
+		}
+		else
+		{
+#ifdef DEBUG
+			printf("got what was expected: %d\n", byte);
+#endif
+		}
+	}
+
+	afCloseFile(file);
+	unlink(testFileName);
+	free(testFileName);
+
+	exit(EXIT_SUCCESS);
+}
1	niro	3077	Description: fix buffer overflow when changing both sample format and
2			number of channels
3			Origin: https://github.com/mpruett/audiofile/pull/25
4			Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
5			Bug-Debian: https://bugs.debian.org/801102
6
7			--- a/libaudiofile/modules/ModuleState.cpp
8			+++ b/libaudiofile/modules/ModuleState.cpp
9			@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
10			addModule(new Transform(outfc, in.pcm, out.pcm));
11
12			if (in.channelCount != out.channelCount)
13			- addModule(new ApplyChannelMatrix(infc, isReading,
14			+ addModule(new ApplyChannelMatrix(outfc, isReading,
15			in.channelCount, out.channelCount,
16			in.pcm.minClip, in.pcm.maxClip,
17			track->channelMatrix));
18			--- a/test/Makefile.am
19			+++ b/test/Makefile.am
20			@@ -26,6 +26,7 @@ TESTS = \
21			VirtualFile \
22			floatto24 \
23			query2 \
24			+ sixteen-stereo-to-eight-mono \
25			sixteen-to-eight \
26			testchannelmatrix \
27			testdouble \
28			@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
29			printmarkers_LDADD = $(LIBAUDIOFILE) -lm
30
31			sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
32			+sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
33
34			testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
35
36			--- /dev/null
37			+++ b/test/sixteen-stereo-to-eight-mono.c
38			@@ -0,0 +1,118 @@
39			+/*
40			+ Audio File Library
41			+
42			+ Copyright 2000, Silicon Graphics, Inc.
43			+
44			+ This program is free software; you can redistribute it and/or modify
45			+ it under the terms of the GNU General Public License as published by
46			+ the Free Software Foundation; either version 2 of the License, or
47			+ (at your option) any later version.
48			+
49			+ This program is distributed in the hope that it will be useful,
50			+ but WITHOUT ANY WARRANTY; without even the implied warranty of
51			+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
52			+ GNU General Public License for more details.
53			+
54			+ You should have received a copy of the GNU General Public License along
55			+ with this program; if not, write to the Free Software Foundation, Inc.,
56			+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
57			+*/
58			+
59			+/*
60			+ sixteen-stereo-to-eight-mono.c
61			+
62			+ This program tests the conversion from 2-channel 16-bit integers to
63			+ 1-channel 8-bit integers.
64			+*/
65			+
66			+#ifdef HAVE_CONFIG_H
67			+#include <config.h>
68			+#endif
69			+
70			+#include <stdint.h>
71			+#include <stdio.h>
72			+#include <stdlib.h>
73			+#include <string.h>
74			+#include <unistd.h>
75			+#include <limits.h>
76			+
77			+#include <audiofile.h>
78			+
79			+#include "TestUtilities.h"
80			+
81			+int main (int argc, char **argv)
82			+{
83			+ AFfilehandle file;
84			+ AFfilesetup setup;
85			+ int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
86			+ int8_t frames8[] = {28, 6, -2};
87			+ int i, frameCount = 3;
88			+ int8_t byte;
89			+ AFframecount result;
90			+
91			+ setup = afNewFileSetup();
92			+
93			+ afInitFileFormat(setup, AF_FILE_WAVE);
94			+
95			+ afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
96			+ afInitChannels(setup, AF_DEFAULT_TRACK, 2);
97			+
98			+ char *testFileName;
99			+ if (!createTemporaryFile("sixteen-to-eight", &testFileName))
100			+ {
101			+ fprintf(stderr, "Could not create temporary file.\n");
102			+ exit(EXIT_FAILURE);
103			+ }
104			+
105			+ file = afOpenFile(testFileName, "w", setup);
106			+ if (file == AF_NULL_FILEHANDLE)
107			+ {
108			+ fprintf(stderr, "could not open file for writing\n");
109			+ exit(EXIT_FAILURE);
110			+ }
111			+
112			+ afFreeFileSetup(setup);
113			+
114			+ afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
115			+
116			+ afCloseFile(file);
117			+
118			+ file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
119			+ if (file == AF_NULL_FILEHANDLE)
120			+ {
121			+ fprintf(stderr, "could not open file for reading\n");
122			+ exit(EXIT_FAILURE);
123			+ }
124			+
125			+ afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
126			+ afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
127			+
128			+ for (i=0; i<frameCount; i++)
129			+ {
130			+ /* Read one frame. */
131			+ result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
132			+
133			+ if (result != 1)
134			+ break;
135			+
136			+ /* Compare the byte read with its precalculated value. */
137			+ if (memcmp(&byte, &frames8[i], 1) != 0)
138			+ {
139			+ printf("error\n");
140			+ printf("expected %d, got %d\n", frames8[i], byte);
141			+ exit(EXIT_FAILURE);
142			+ }
143			+ else
144			+ {
145			+#ifdef DEBUG
146			+ printf("got what was expected: %d\n", byte);
147			+#endif
148			+ }
149			+ }
150			+
151			+ afCloseFile(file);
152			+ unlink(testFileName);
153			+ free(testFileName);
154			+
155			+ exit(EXIT_SUCCESS);
156			+}