File soundtouch-round-buffer.patch of Package soundtouch.9260

Overview Repositories Revisions Requests Users Attributes Meta

File soundtouch-round-buffer.patch of Package soundtouch.9260

From 09e04252dde9ef02a7d254315b13089996afe302 Mon Sep 17 00:00:00 2001
From: Olli <oparviai@iki.fi>
Date: Sun, 28 Oct 2018 15:51:15 +0200
Subject: [PATCH] Fix CVE-2018-17097 by rounding working buffer size up to
 nearest 4-byte boundary. Replaced also tab characters with spaces in
 indentation.

---
 source/SoundStretch/WavFile.cpp | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/source/SoundStretch/WavFile.cpp b/source/SoundStretch/WavFile.cpp
index 9d90b8a..fd33f6a 100644
--- a/source/SoundStretch/WavFile.cpp
+++ b/source/SoundStretch/WavFile.cpp
@@ -924,7 +924,8 @@ void WavOutFile::write(const float *buffer, int numElems)
 
     bytesPerSample = header.format.bits_per_sample / 8;
     numBytes = numElems * bytesPerSample;
-    short *temp = (short*)getConvBuffer(numBytes);
+    int confBufBytes = (numBytes + 3) & -4; // round up to nearest multiple of four to avoid overflow with 24bit-value assignment
+    void *temp = getConvBuffer(confBufBytes);
 
     switch (bytesPerSample)
     {
-- 
2.18.1

Places

File soundtouch-round-buffer.patch of Package soundtouch.9260

Places