File audiofile-CVE-2022-24599.patch of Package audiofile

diff --unified --recursive --text --new-file --color audiofile-0.3.6.old/sfcommands/printinfo.c audiofile-0.3.6.new/sfcommands/printinfo.c
--- audiofile-0.3.6.old/sfcommands/printinfo.c	2013-03-06 13:30:03.000000000 +0800
+++ audiofile-0.3.6.new/sfcommands/printinfo.c	2025-04-30 15:18:24.778177640 +0800
@@ -37,6 +37,7 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>
 
 static char *copyrightstring (AFfilehandle file);
 
@@ -147,7 +148,11 @@
 	int		i, misccount;
 
 	misccount = afGetMiscIDs(file, NULL);
-	miscids = (int *) malloc(sizeof (int) * misccount);
+	if (!misccount)
+	    return NULL;
+	miscids = (int *)calloc(misccount, sizeof(int));
+	if (!miscids)
+	    return NULL;
 	afGetMiscIDs(file, miscids);
 
 	for (i=0; i<misccount; i++)
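Review bot: The new guard `if (!misccount)` rejects only a count of exactly zero, although `misccount` is a signed `int`. If afGetMiscIDs can signal failure with a negative value (not visible in this hunk), that value becomes a huge `size_t` inside `calloc`, and the function then relies on the allocation failing; `if (misccount <= 0) return NULL;` makes the rejection explicit. The second call, `afGetMiscIDs(file, miscids)`, still has its return value ignored, so the loop bound trusts the count from the first call. The enclosing function begins before this hunk.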
@@ -159,13 +164,16 @@
 			If this code executes, the miscellaneous chunk is a
 			copyright chunk.
 		*/
-		int datasize = afGetMiscSize(file, miscids[i]);
-		char *data = (char *) malloc(datasize);
+		size_t datasize = afGetMiscSize(file, miscids[i]);
+		if (datasize >= INT_MAX - 1)
+		    goto error;
+		char *data = (char *)calloc(datasize + 1, sizeof(char));
 		afReadMisc(file, miscids[i], data, datasize);
 		copyright = data;
 		break;
 	}
 
+error:
 	free(miscids);
 
 	return copyright;
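Review bot: The result of `calloc(datasize + 1, sizeof(char))` is handed to afReadMisc without a NULL check, and the bound `datasize >= INT_MAX - 1` still admits requests close to 2 GiB that can realistically fail; add `if (!data) goto error;` right after the allocation. The old code stored the afGetMiscSize result in an `int`, so a negative return appears to be rejected only through its conversion to a large `size_t`; a comment such as `/* a negative size wraps to a large size_t and is rejected here */` would record that. The return value of afReadMisc is also ignored, and only the zero-filled extra byte keeps the string terminated. The `error:` label is reached on the success path too, so a neutral name such as `out:` would read better. The function starts outside this hunk.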