File libsndfile-CVE-2011-2696.diff of Package libsndfile

Overview Repositories Revisions Requests Users Attributes Meta

File libsndfile-CVE-2011-2696.diff of Package libsndfile

=== modified file 'ChangeLog'
---
 src/common.h  |    1 +
 src/paf.c     |    7 +++++--
 src/sndfile.c |    1 +
 3 files changed, 7 insertions(+), 2 deletions(-)

--- a/src/common.h
+++ b/src/common.h
@@ -557,6 +557,7 @@
 	SFE_PAF_VERSION,
 	SFE_PAF_UNKNOWN_FORMAT,
 	SFE_PAF_SHORT_HEADER,
+	SFE_PAF_BAD_CHANNELS,
 
 	SFE_SVX_NO_FORM,
 	SFE_SVX_NO_BODY,
--- a/src/paf.c
+++ b/src/paf.c
@@ -163,6 +163,9 @@
 {	PAF_FMT		paf_fmt ;
 	int			marker ;
 
+	if (psf->filelength < PAF_HEADER_LENGTH)
+		return SFE_PAF_SHORT_HEADER ;
+
 	memset (&paf_fmt, 0, sizeof (paf_fmt)) ;
 	psf_binheader_readf (psf, "pm", 0, &marker) ;
 
@@ -199,8 +202,8 @@
 		psf->endian = SF_ENDIAN_BIG ;
 		} ;
 
-	if (psf->filelength < PAF_HEADER_LENGTH)
-		return SFE_PAF_SHORT_HEADER ;
+	if (paf_fmt.channels > SF_MAX_CHANNELS)
+		return SFE_PAF_BAD_CHANNELS ;
 
 	psf->datalength = psf->filelength - psf->dataoffset ;
 
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -173,6 +173,7 @@
 	{	SFE_PAF_VERSION			, "Error in PAF file, bad version." },
 	{	SFE_PAF_UNKNOWN_FORMAT	, "Error in PAF file, unknown format." },
 	{	SFE_PAF_SHORT_HEADER	, "Error in PAF file. File shorter than minimal header." },
+	{	SFE_PAF_BAD_CHANNELS	, "Error in PAF file. Bad channel count." },
 
 	{	SFE_SVX_NO_FORM			, "Error in 8SVX / 16SV file, no 'FORM' marker." },
 	{	SFE_SVX_NO_BODY			, "Error in 8SVX / 16SV file, no 'BODY' marker." },

Places

File libsndfile-CVE-2011-2696.diff of Package libsndfile

Places