Diffstat (limited to 'audio/libsndfile/patches/patch-ae')
-rw-r--r--audio/libsndfile/patches/patch-ae56
1 files changed, 56 insertions, 0 deletions
diff --git a/audio/libsndfile/patches/patch-ae b/audio/libsndfile/patches/patch-ae
new file mode 100644
index 00000000000..99248a01487
--- /dev/null
+++ b/audio/libsndfile/patches/patch-ae
@@ -0,0 +1,56 @@
+$NetBSD: patch-ae,v 1.7.2.2 2009/06/08 21:05:22 spz Exp $
+
+Upstream fix for DoS vulnerability taken from here:
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831
+
+--- src/sds.c.orig 2009-03-22 19:17:14.000000000 +0000
++++ src/sds.c 2009-06-08 10:03:02.000000000 +0100
+@@ -219,21 +219,40 @@
+ if (marker != 0xF07E || byte != 0x01)
+ return SFE_SDS_NOT_SDS ;
+
+- psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel : %d\n", channel) ;
++ bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
++ sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+
+- bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
++ psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
++ " Midi Channel : %d\n Sample Number : %d\n",
++ channel, sample_no) ;
++
++ bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
+
+- sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+ samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
+
+ psds->bitwidth = bitwidth ;
+
+- psf->sf.samplerate = 1000000000 / samp_period ;
++ if (psds->bitwidth > 1)
++ psf_log_printf (psf, " Bit Width : %d\n", psds->bitwidth) ;
++ else
++ { psf_log_printf (psf, " Bit Width : %d (should be > 1)\n", psds->bitwidth) ;
++ return SFE_SDS_BAD_BIT_WIDTH ;
++ } ;
++
++ if (samp_period > 0)
++ { psf->sf.samplerate = 1000000000 / samp_period ;
+
+- psf_log_printf (psf, " Sample Number : %d\n"
+- " Bit Width : %d\n"
++ psf_log_printf (psf, " Sample Period : %d\n"
+ " Sample Rate : %d\n",
+- sample_no, psds->bitwidth, psf->sf.samplerate) ;
++ samp_period, psf->sf.samplerate) ;
++ }
++ else
++ { psf->sf.samplerate = 16000 ;
++
++ psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
++ " Sample Rate : %d (guessed)\n",
++ samp_period, psf->sf.samplerate) ;
++ } ;
+
+ bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
+
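Review bot: The new early return `return SFE_SDS_BAD_BIT_WIDTH ;` uses an error code that this patch does not define. The patch touches only src/sds.c, so the constant and its message string must already exist in the packaged libsndfile sources or come from another patch, which is worth confirming with a build. The patch header also says only "DoS vulnerability"; from the visible lines the fix guards `1000000000 / samp_period` against a zero sample period and rejects a bit width of 1 or less. A header line such as `Avoid division by zero on a zero SDS sample period; reject bit width <= 1.` would tell the next maintainer what must survive a version update. The enclosing function starts and ends outside the hunk.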