Overview

File wavpack-CVE-2022-2476.patch of Package wavpack.25158

From 25b4a2725d8568212e7cf89ca05ca29d128af7ac Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 5 Jul 2022 18:58:19 -0700
Subject: [PATCH] issue #121: NULL pointer dereference in wvunpack.c

* check for NULL pointer before dereferencing in wvunpack.c
* sanitize custom extensions to be alphanumeric only
---
 ChangeLog        |  5 +++++
 cli/wvunpack.c   |  6 ++++--
 src/open_utils.c | 10 ++++++++--
 3 files changed, 17 insertions(+), 4 deletions(-)

Index: wavpack-5.4.0/cli/wvunpack.c
===================================================================
--- wavpack-5.4.0.orig/cli/wvunpack.c
+++ wavpack-5.4.0/cli/wvunpack.c
@@ -830,8 +830,10 @@ int main(int argc, char **argv)
 
             // clean up in preparation for potentially another file
 
-            if (outpath)
-                *filespec_name (outfilename) = '\0';
+            if (outpath) {
+                if (filespec_name (outfilename))
+                    *filespec_name (outfilename) = '\0';
+            }
             else if (*outfilename != '-') {
                 free (outfilename);
                 outfilename = NULL;
openSUSE Build Service is sponsored by
Places