Contents of /trunk/audiofile/patches/audiofile-0.3.6-Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
Revision 3077 -
Mon Jan 22 12:38:50 2018 UTC (6 years, 8 months ago) by niro
File size: 3707 byte(s)
-added several security and build fixes
1 | From: Antonio Larrosa <larrosa@kde.org> |
2 | Date: Mon, 6 Mar 2017 13:43:53 +0100 |
3 | Subject: Check for multiplication overflow in MSADPCM decodeSample |
4 | |
5 | Check for multiplication overflow (using __builtin_mul_overflow |
6 | if available) in MSADPCM.cpp decodeSample and return an empty |
7 | decoded block if an error occurs. |
8 | |
9 | This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41 |
10 | --- |
11 | libaudiofile/modules/BlockCodec.cpp | 5 ++-- |
12 | libaudiofile/modules/MSADPCM.cpp | 47 +++++++++++++++++++++++++++++++++---- |
13 | 2 files changed, 46 insertions(+), 6 deletions(-) |
14 | |
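--- a/libaudiofile/modules/BlockCodec.cpp
+++ b/libaudiofile/modules/BlockCodec.cpp
@@ -52,8 +52,9 @@ void BlockCodec::runPull()
 // Decompress into m_outChunk.
 for (int i=0; i<blocksRead; i++)
 {
- decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
- static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount);
+ if (decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i * m_bytesPerPacket,
+ static_cast<int16_t *>(m_outChunk->buffer) + i * m_framesPerPacket * m_track->f.channelCount)==0)
+ break;
 
 framesRead += m_framesPerPacket;
 }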
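Review bot: The bare `==0` test on the rewritten `decodeBlock(...)` call relies on a return contract that is not written down anywhere in this hunk, so it deserves a comment such as `// decodeBlock() returns 0 on a decode error: stop here and report only the frames decoded so far`. Every other codec that overrides decodeBlock has to return non-zero on success for this loop to keep running, and those overrides are not visible in this section, so that is worth confirming. A failing block may already have written samples into m_outChunk before returning 0; `framesRead` is not advanced for it, but whether the code after the loop turns the short count into an error for the caller lies outside the hunk.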
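--- a/libaudiofile/modules/MSADPCM.cpp
+++ b/libaudiofile/modules/MSADPCM.cpp
@@ -101,24 +101,60 @@ static const int16_t adaptationTable[] =
 768, 614, 512, 409, 307, 230, 230, 230
 };
 
+int firstBitSet(int x)
+{
+ int position=0;
+ while (x!=0)
+ {
+ x>>=1;
+ ++position;
+ }
+ return position;
+}
+
+#ifndef __has_builtin
+#define __has_builtin(x) 0
+#endif
+
+int multiplyCheckOverflow(int a, int b, int *result)
+{
+#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && __has_builtin(__builtin_mul_overflow))
+ return __builtin_mul_overflow(a, b, result);
+#else
+ if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 32 bits
+ return true;
+ *result = a * b;
+ return false;
+#endif
+}
+
+
 // Compute a linear PCM value from the given differential coded value.
 static int16_t decodeSample(ms_adpcm_state &state,
- uint8_t code, const int16_t *coefficient)
+ uint8_t code, const int16_t *coefficient, bool *ok=NULL)
 {
 int linearSample = (state.sample1 * coefficient[0] +
 state.sample2 * coefficient[1]) >> 8;
+ int delta;
 
 linearSample += ((code & 0x08) ? (code - 0x10) : code) * state.delta;
 
 linearSample = clamp(linearSample, MIN_INT16, MAX_INT16);
 
- int delta = (state.delta * adaptationTable[code]) >> 8;
+ if (multiplyCheckOverflow(state.delta, adaptationTable[code], &delta))
+ {
+ if (ok) *ok=false;
+ _af_error(AF_BAD_COMPRESSION, "Error decoding sample");
+ return 0;
+ }
+ delta >>= 8;
 if (delta < 16)
 delta = 16;
 
 state.delta = delta;
 state.sample2 = state.sample1;
 state.sample1 = linearSample;
+ if (ok) *ok=true;
 
 return static_cast<int16_t>(linearSample);
 }
@@ -212,13 +248,16 @@ int MSADPCM::decodeBlock(const uint8_t *encoded, int16_t *decoded)
 {
 uint8_t code;
 int16_t newSample;
+ bool ok;
 
 code = *encoded >> 4;
- newSample = decodeSample(*state[0], code, coefficient[0]);
+ newSample = decodeSample(*state[0], code, coefficient[0], &ok);
+ if (!ok) return 0;
 *decoded++ = newSample;
 
 code = *encoded & 0x0f;
- newSample = decodeSample(*state[1], code, coefficient[1]);
+ newSample = decodeSample(*state[1], code, coefficient[1], &ok);
+ if (!ok) return 0;
 *decoded++ = newSample;
 
 encoded++;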
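Review bot: In the non-builtin branch of `multiplyCheckOverflow`, `firstBitSet` loops on `while (x!=0) x>>=1`, which never reaches zero for a negative argument where right shift of a signed int is arithmetic, so a negative `state.delta` would hang the decoder instead of being rejected; whether delta can be negative depends on the block-header parsing, which is outside this section. The bit-count test is also stricter than the builtin (32768 * 32768 fits in an int but is refused because 16+16 > 31), so the same file can decode with one compiler and fail with another. Doing the multiply in `long long` and range-checking the result, as below, removes both problems and makes `firstBitSet` unnecessary; both helpers should also be `static`, since they are file-local like `decodeSample`. The `... * state.delta` product a few lines above the new check is still an unchecked int multiply, and whether it can overflow depends on the range delta is allowed to reach.

```cpp
static int multiplyCheckOverflow(int a, int b, int *result)
{
	// … unchanged: __builtin_mul_overflow branch …
#else
	// Widen first so the product itself cannot overflow
	// (assumes int is narrower than long long).
	const long long wide = static_cast<long long>(a) * b;
	if (wide < INT_MIN || wide > INT_MAX)
		return true;
	*result = static_cast<int>(wide);
	return false;
#endif
}
```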