Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
libsndfile
libsndfile-CVE-2011-2696.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libsndfile-CVE-2011-2696.diff of Package libsndfile
diff --git a/src/common.h b/src/common.h index 30367fb..b6466b2 100644 --- a/src/common.h +++ b/src/common.h @@ -454,6 +454,7 @@ enum SFE_PAF_VERSION, SFE_PAF_UNKNOWN_FORMAT, SFE_PAF_SHORT_HEADER, + SFE_PAF_BAD_CHANNELS, SFE_SVX_NO_FORM, SFE_SVX_NO_BODY, diff --git a/src/paf.c b/src/paf.c index d98263c..12a46bf 100644 --- a/src/paf.c +++ b/src/paf.c @@ -163,6 +163,9 @@ paf_read_header (SF_PRIVATE *psf) { PAF_FMT paf_fmt ; int marker ; + if (psf->filelength < PAF_HEADER_LENGTH) + return SFE_PAF_SHORT_HEADER ; + memset (&paf_fmt, 0, sizeof (paf_fmt)) ; psf_binheader_readf (psf, "pm", 0, &marker) ; @@ -199,8 +202,8 @@ paf_read_header (SF_PRIVATE *psf) psf->endian = SF_ENDIAN_BIG ; } ; - if (psf->filelength < PAF_HEADER_LENGTH) - return SFE_PAF_SHORT_HEADER ; + if (paf_fmt.channels > 256) + return SFE_PAF_BAD_CHANNELS ; psf->datalength = psf->filelength - psf->dataoffset ; diff --git a/src/sndfile.c b/src/sndfile.c index 93a2974..a06fb67 100644 --- a/src/sndfile.c +++ b/src/sndfile.c @@ -146,6 +146,7 @@ ErrorStruct SndfileErrors [] = { SFE_PAF_VERSION , "Error in PAF file, bad version." }, { SFE_PAF_UNKNOWN_FORMAT , "Error in PAF file, unknown format." }, { SFE_PAF_SHORT_HEADER , "Error in PAF file. File shorter than minimal header." }, + { SFE_PAF_BAD_CHANNELS , "Error in PAF file. Bad channel count." }, { SFE_SVX_NO_FORM , "Error in 8SVX / 16SV file, no 'FORM' marker." }, { SFE_SVX_NO_BODY , "Error in 8SVX / 16SV file, no 'BODY' marker." },
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor