Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Backports:SLE-15:Update
timidity
timidity-resample-frac-overflow-fix.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File timidity-resample-frac-overflow-fix.patch of Package timidity
From: Takashi Iwai <tiwai@suse.de> Subject: resample: Fix out-of-bound access in resamplers References: CVE-2017-11547 An adhoc fix for out-of-bound accesses in resamples. The offset might overflow the given data range. Signed-off-by: Takashi Iwai <tiwai@suse.de> --- a/timidity/resample.c +++ b/timidity/resample.c @@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *r { int32 ofsi, ofsf, v0, v1, v2, v3, temp; + if (ofs + (1 << FRACTION_BITS) >= rec->data_length) + return src[ofs >> FRACTION_BITS]; ofsi = ofs >> FRACTION_BITS; v1 = src[ofsi]; v2 = src[ofsi + 1]; @@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t *src, splen_t ofs, resample_rec_t * { int32 ofsi, ofsf, v0, v1, v2, v3; + if (ofs + (1 << FRACTION_BITS) >= rec->data_length) + return src[ofs >> FRACTION_BITS]; ofsi = ofs >> FRACTION_BITS; v1 = (int32)src[ofsi]; v2 = (int32)src[ofsi + 1]; @@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t *src, splen_t ofs, resample_rec_t *rec sample_t *sptr; int32 left, right, temp_n; + if (ofs + (1 << FRACTION_BITS) >= rec->data_length) + return src[ofs >> FRACTION_BITS]; left = (ofs>>FRACTION_BITS); right = (rec->data_length>>FRACTION_BITS) - left - 1; temp_n = (right<<1)-1; @@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t *src, splen_t ofs, resample_rec_t *re int32 left, right, temp_n; int ii, jj; + if (ofs + (1 << FRACTION_BITS) >= rec->data_length) + return src[ofs >> FRACTION_BITS]; left = (ofs>>FRACTION_BITS); right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1; temp_n = (right<<1)-1; @@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t *src, splen_t ofs, resample_rec_t *re { int32 v1, v2, ofsi; + if (ofs + (1 << FRACTION_BITS) >= rec->data_length) + return src[ofs >> FRACTION_BITS]; ofsi = ofs >> FRACTION_BITS; v1 = src[ofsi]; v2 = src[ofsi + 1];
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
