/[pkg-src]/trunk/audiofile/patches/audiofile-0.3.6-Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch |
Annotation of /trunk/audiofile/patches/audiofile-0.3.6-Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
Parent Directory | Revision Log
Revision 3077 -
(hide annotations)
(download)
Mon Jan 22 12:38:50 2018 UTC (6 years, 8 months ago) by niro
File size: 3707 byte(s)
Mon Jan 22 12:38:50 2018 UTC (6 years, 8 months ago) by niro
File size: 3707 byte(s)
-added several security and build fixes
1 | niro | 3077 | From: Antonio Larrosa <larrosa@kde.org> |
2 | Date: Mon, 6 Mar 2017 13:43:53 +0100 | ||
3 | Subject: Check for multiplication overflow in MSADPCM decodeSample | ||
4 | |||
5 | Check for multiplication overflow (using __builtin_mul_overflow | ||
6 | if available) in MSADPCM.cpp decodeSample and return an empty | ||
7 | decoded block if an error occurs. | ||
8 | |||
9 | This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41 | ||
10 | --- | ||
11 | libaudiofile/modules/BlockCodec.cpp | 5 ++-- | ||
12 | libaudiofile/modules/MSADPCM.cpp | 47 +++++++++++++++++++++++++++++++++---- | ||
13 | 2 files changed, 46 insertions(+), 6 deletions(-) | ||
14 | |||
15 | diff --git a/libaudiofile/modules/BlockCodec.cpp b/libaudiofile/modules/BlockCodec.cpp | ||
16 | index 45925e8..4731be1 100644 | ||
17 | --- a/libaudiofile/modules/BlockCodec.cpp | ||
18 | +++ b/libaudiofile/modules/BlockCodec.cpp | ||
19 | @@ -52,8 +52,9 @@ void BlockCodec::runPull() | ||
20 | // Decompress into m_outChunk. | ||
21 | for (int i=0; i<blocksRead; i++) | ||
22 | { | ||
23 | - decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket, | ||
24 | - static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount); | ||
25 | + if (decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket, | ||
26 | + static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount)==0) | ||
27 | + break; | ||
28 | |||
29 | framesRead += m_framesPerPacket; | ||
30 | } | ||
31 | diff --git a/libaudiofile/modules/MSADPCM.cpp b/libaudiofile/modules/MSADPCM.cpp | ||
32 | index 8ea3c85..ef9c38c 100644 | ||
33 | --- a/libaudiofile/modules/MSADPCM.cpp | ||
34 | +++ b/libaudiofile/modules/MSADPCM.cpp | ||
35 | @@ -101,24 +101,60 @@ static const int16_t adaptationTable[] = | ||
36 | 768, 614, 512, 409, 307, 230, 230, 230 | ||
37 | }; | ||
38 | |||
39 | +int firstBitSet(int x) | ||
40 | +{ | ||
41 | + int position=0; | ||
42 | + while (x!=0) | ||
43 | + { | ||
44 | + x>>=1; | ||
45 | + ++position; | ||
46 | + } | ||
47 | + return position; | ||
48 | +} | ||
49 | + | ||
50 | +#ifndef __has_builtin | ||
51 | +#define __has_builtin(x) 0 | ||
52 | +#endif | ||
53 | + | ||
54 | +int multiplyCheckOverflow(int a, int b, int *result) | ||
55 | +{ | ||
56 | +#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow)) | ||
57 | + return __builtin_mul_overflow(a, b, result); | ||
58 | +#else | ||
59 | + if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits | ||
60 | + return true; | ||
61 | + *result = a * b; | ||
62 | + return false; | ||
63 | +#endif | ||
64 | +} | ||
65 | + | ||
66 | + | ||
67 | // Compute a linear PCM value from the given differential coded value. | ||
68 | static int16_t decodeSample(ms_adpcm_state &state, | ||
69 | - uint8_t code, const int16_t *coefficient) | ||
70 | + uint8_t code, const int16_t *coefficient, bool *ok=NULL) | ||
71 | { | ||
72 | int linearSample = (state.sample1 * coefficient[0] + | ||
73 | state.sample2 * coefficient[1]) >> 8; | ||
74 | + int delta; | ||
75 | |||
76 | linearSample += ((code & 0x08) ? (code - 0x10) : code) * state.delta; | ||
77 | |||
78 | linearSample = clamp(linearSample, MIN_INT16, MAX_INT16); | ||
79 | |||
80 | - int delta = (state.delta * adaptationTable[code]) >> 8; | ||
81 | + if (multiplyCheckOverflow(state.delta, adaptationTable[code], &delta)) | ||
82 | + { | ||
83 | + if (ok) *ok=false; | ||
84 | + _af_error(AF_BAD_COMPRESSION, "Error decoding sample"); | ||
85 | + return 0; | ||
86 | + } | ||
87 | + delta >>= 8; | ||
88 | if (delta < 16) | ||
89 | delta = 16; | ||
90 | |||
91 | state.delta = delta; | ||
92 | state.sample2 = state.sample1; | ||
93 | state.sample1 = linearSample; | ||
94 | + if (ok) *ok=true; | ||
95 | |||
96 | return static_cast<int16_t>(linearSample); | ||
97 | } | ||
98 | @@ -212,13 +248,16 @@ int MSADPCM::decodeBlock(const uint8_t *encoded, int16_t *decoded) | ||
99 | { | ||
100 | uint8_t code; | ||
101 | int16_t newSample; | ||
102 | + bool ok; | ||
103 | |||
104 | code = *encoded >> 4; | ||
105 | - newSample = decodeSample(*state[0], code, coefficient[0]); | ||
106 | + newSample = decodeSample(*state[0], code, coefficient[0], &ok); | ||
107 | + if (!ok) return 0; | ||
108 | *decoded++ = newSample; | ||
109 | |||
110 | code = *encoded & 0x0f; | ||
111 | - newSample = decodeSample(*state[1], code, coefficient[1]); | ||
112 | + newSample = decodeSample(*state[1], code, coefficient[1], &ok); | ||
113 | + if (!ok) return 0; | ||
114 | *decoded++ = newSample; | ||
115 | |||
116 | encoded++; |