Home Esplora Aiuto
Accedi
rainmanp7
/
dragora
forkato da dragora/dragora
Segui 1
Vota 0
Forka 0
File
Ramo (Branch): master
Rami (Branch) Tag
dragora
/
patches
/
audiofile
/
03_CVE-2015-7747.patch

03_CVE-2015-7747.patch 4.2 KB
Permalink Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157 
  1. Description: fix buffer overflow when changing both sample format and
    2. 

  2.  number of channels
    3. 

  3. Origin: https://github.com/mpruett/audiofile/pull/25
    4. 

  4. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
    5. 

  5. Bug-Debian: https://bugs.debian.org/801102
    6. 

  6. 

  7. --- a/libaudiofile/modules/ModuleState.cpp
    8. 

  8. +++ b/libaudiofile/modules/ModuleState.cpp
    9. 

  9. @@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
    10. 

  10.  		addModule(new Transform(outfc, in.pcm, out.pcm));
    11. 

  11.  
    12. 

  12.  	if (in.channelCount != out.channelCount)
    13. 

  13. -		addModule(new ApplyChannelMatrix(infc, isReading,
    14. 

  14. +		addModule(new ApplyChannelMatrix(outfc, isReading,
    15. 

  15.  			in.channelCount, out.channelCount,
    16. 

  16.  			in.pcm.minClip, in.pcm.maxClip,
    17. 

  17.  			track->channelMatrix));
    18. 

  18. --- a/test/Makefile.am
    19. 

  19. +++ b/test/Makefile.am
    20. 

  20. @@ -26,6 +26,7 @@ TESTS = \
    21. 

  21.  	VirtualFile \
    22. 

  22.  	floatto24 \
    23. 

  23.  	query2 \
    24. 

  24. +	sixteen-stereo-to-eight-mono \
    25. 

  25.  	sixteen-to-eight \
    26. 

  26.  	testchannelmatrix \
    27. 

  27.  	testdouble \
    28. 

  28. @@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
    29. 

  29.  printmarkers_LDADD = $(LIBAUDIOFILE) -lm
    30. 

  30.  
    31. 

  31.  sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp TestUtilities.h
    32. 

  32. +sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c TestUtilities.cpp TestUtilities.h
    33. 

  33.  
    34. 

  34.  testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp TestUtilities.h
    35. 

  35.  
    36. 

  36. --- /dev/null
    37. 

  37. +++ b/test/sixteen-stereo-to-eight-mono.c
    38. 

  38. @@ -0,0 +1,118 @@
    39. 

  39. +/*
    40. 

  40. +	Audio File Library
    41. 

  41. +
    42. 

  42. +	Copyright 2000, Silicon Graphics, Inc.
    43. 

  43. +
    44. 

  44. +	This program is free software; you can redistribute it and/or modify
    45. 

  45. +	it under the terms of the GNU General Public License as published by
    46. 

  46. +	the Free Software Foundation; either version 2 of the License, or
    47. 

  47. +	(at your option) any later version.
    48. 

  48. +
    49. 

  49. +	This program is distributed in the hope that it will be useful,
    50. 

  50. +	but WITHOUT ANY WARRANTY; without even the implied warranty of
    51. 

  51. +	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    52. 

  52. +	GNU General Public License for more details.
    53. 

  53. +
    54. 

  54. +	You should have received a copy of the GNU General Public License along
    55. 

  55. +	with this program; if not, write to the Free Software Foundation, Inc.,
    56. 

  56. +	51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    57. 

  57. +*/
    58. 

  58. +
    59. 

  59. +/*
    60. 

  60. +	sixteen-stereo-to-eight-mono.c
    61. 

  61. +
    62. 

  62. +	This program tests the conversion from 2-channel 16-bit integers to
    63. 

  63. +	1-channel 8-bit	integers.
    64. 

  64. +*/
    65. 

  65. +
    66. 

  66. +#ifdef HAVE_CONFIG_H
    67. 

  67. +#include <config.h>
    68. 

  68. +#endif
    69. 

  69. +
    70. 

  70. +#include <stdint.h>
    71. 

  71. +#include <stdio.h>
    72. 

  72. +#include <stdlib.h>
    73. 

  73. +#include <string.h>
    74. 

  74. +#include <unistd.h>
    75. 

  75. +#include <limits.h>
    76. 

  76. +
    77. 

  77. +#include <audiofile.h>
    78. 

  78. +
    79. 

  79. +#include "TestUtilities.h"
    80. 

  80. +
    81. 

  81. +int main (int argc, char **argv)
    82. 

  82. +{
    83. 

  83. +	AFfilehandle file;
    84. 

  84. +	AFfilesetup setup;
    85. 

  85. +	int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
    86. 

  86. +	int8_t frames8[] = {28, 6, -2};
    87. 

  87. +	int i, frameCount = 3;
    88. 

  88. +	int8_t byte;
    89. 

  89. +	AFframecount result;
    90. 

  90. +
    91. 

  91. +	setup = afNewFileSetup();
    92. 

  92. +
    93. 

  93. +	afInitFileFormat(setup, AF_FILE_WAVE);
    94. 

  94. +
    95. 

  95. +	afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
    96. 

  96. +	afInitChannels(setup, AF_DEFAULT_TRACK, 2);
    97. 

  97. +
    98. 

  98. +	char *testFileName;
    99. 

  99. +	if (!createTemporaryFile("sixteen-to-eight", &testFileName))
    100. 

  100. +	{
    101. 

  101. +		fprintf(stderr, "Could not create temporary file.\n");
    102. 

  102. +		exit(EXIT_FAILURE);
    103. 

  103. +	}
    104. 

  104. +
    105. 

  105. +	file = afOpenFile(testFileName, "w", setup);
    106. 

  106. +	if (file == AF_NULL_FILEHANDLE)
    107. 

  107. +	{
    108. 

  108. +		fprintf(stderr, "could not open file for writing\n");
    109. 

  109. +		exit(EXIT_FAILURE);
    110. 

  110. +	}
    111. 

  111. +
    112. 

  112. +	afFreeFileSetup(setup);
    113. 

  113. +
    114. 

  114. +	afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
    115. 

  115. +
    116. 

  116. +	afCloseFile(file);
    117. 

  117. +
    118. 

  118. +	file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
    119. 

  119. +	if (file == AF_NULL_FILEHANDLE)
    120. 

  120. +	{
    121. 

  121. +		fprintf(stderr, "could not open file for reading\n");
    122. 

  122. +		exit(EXIT_FAILURE);
    123. 

  123. +	}
    124. 

  124. +
    125. 

  125. +	afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 8);
    126. 

  126. +	afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
    127. 

  127. +
    128. 

  128. +	for (i=0; i<frameCount; i++)
    129. 

  129. +	{
    130. 

  130. +		/* Read one frame. */
    131. 

  131. +		result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
    132. 

  132. +
    133. 

  133. +		if (result != 1)
    134. 

  134. +			break;
    135. 

  135. +
    136. 

  136. +		/* Compare the byte read with its precalculated value. */
    137. 

  137. +		if (memcmp(&byte, &frames8[i], 1) != 0)
    138. 

  138. +		{
    139. 

  139. +			printf("error\n");
    140. 

  140. +			printf("expected %d, got %d\n", frames8[i], byte);
    141. 

  141. +			exit(EXIT_FAILURE);
    142. 

  142. +		}
    143. 

  143. +		else
    144. 

  144. +		{
    145. 

  145. +#ifdef DEBUG
    146. 

  146. +			printf("got what was expected: %d\n", byte);
    147. 

  147. +#endif
    148. 

  148. +		}
    149. 

  149. +	}
    150. 

  150. +
    151. 

  151. +	afCloseFile(file);
    152. 

  152. +	unlink(testFileName);
    153. 

  153. +	free(testFileName);
    154. 

  154. +
    155. 

  155. +	exit(EXIT_SUCCESS);
    156. 

  156. +}
    157. 

  157.