File wavpack-CVE-2020-35738.patch of Package wavpack.25158
+++ a/src/wputils.c
Index: wavpack-4.70.0/src/wputils.c
===================================================================
--- wavpack-4.70.0.orig/src/wputils.c 2021-03-16 11:48:14.767189525 +0100
+++ wavpack-4.70.0/src/wputils.c 2021-03-16 12:12:13.722917470 +0100
@@ -942,8 +942,18 @@ int WavpackSetConfiguration (WavpackCont
int num_chans = config->num_channels;
int i;
- if (!config->sample_rate) {
- strcpy (wpc->error_message, "sample rate cannot be zero!");
+ if (config->sample_rate <= 0) {
+ strcpy (wpc->error_message, "sample rate cannot be zero or negative!");
+ return FALSE;
+ }
+
+ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
+ strcpy (wpc->error_message, "invalid channel count!");
+ return FALSE;
+ }
+
+ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
+ strcpy (wpc->error_message, "invalid custom block samples!");
return FALSE;
}
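Review bot: The new `block_samples` check uses the bare literals 16 and 131072, and the error text does not tell the caller which range is accepted, so the reason for these limits cannot be recovered from the code. I would give them names (for example `MIN_BLOCK_SAMPLES` and `MAX_BLOCK_SAMPLES`, names constructed here) and add a comment such as `/* 0 selects the default block size; explicit values must be within 16..131072 */`, since zero appears to be the "no custom value" case. The `NEW_MAX_STREAMS * 2` bound likewise presumably encodes two channels per stream and deserves a one-line comment saying so. WavpackSetConfiguration continues past the end of this hunk, so it cannot be checked from here whether later code re-reads `config->num_channels` instead of the validated `num_chans`.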
@@ -1096,10 +1106,10 @@ int WavpackPackInit (WavpackContext *wpc
else
wpc->block_samples = wpc->config.sample_rate;
- while (wpc->block_samples * wpc->config.num_channels > 150000)
+ while ((int64_t) wpc->block_samples * wpc->config.num_channels > 150000)
wpc->block_samples /= 2;
- while (wpc->block_samples * wpc->config.num_channels < 40000)
+ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 40000)
wpc->block_samples *= 2;
if (wpc->config.block_samples) {
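Review bot: The `(int64_t)` casts fix the overflow in the two comparisons, but the second loop still cannot terminate if `wpc->block_samples` is 0 or `wpc->config.num_channels` is not positive, because doubling never brings the product up to 40000. That state is excluded only by the range checks this patch adds in WavpackSetConfiguration, and only if the halving loop cannot drive `block_samples` to 0 for the largest permitted channel count, which depends on the value of `NEW_MAX_STREAMS` (not visible here). I would record the dependency next to the loops, e.g. `/* relies on WavpackSetConfiguration() having rejected sample_rate <= 0 and num_channels <= 0; otherwise the doubling loop below never terminates */`. A cheap local guard before the loops would also help, such as `if (wpc->block_samples <= 0 || wpc->config.num_channels <= 0) return FALSE;`, provided FALSE is this function's failure convention. WavpackPackInit begins before and continues after this hunk, so the branch that sets `block_samples` is only partly visible.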