View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0002173 | ardour | bugs | public | 2008-04-03 21:57 | 2020-04-19 20:13 |
| Reporter | gothicx | Assigned To | paul | ||
| Priority | normal | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| Product Version | 2.1 | ||||
| Summary | 0002173: Patch to fix CVE security bug | ||||
| Description | I'll attach the patch to fix this bug. | ||||
| Additional Information | CVE-2007-4974 | ||||
| Tags | No tags attached. | ||||
2008-04-03 21:57
CVE-2007-4974.patch (1,488 bytes)
diff -Nurad ardour-2.1~/libs/libsndfile/src/flac.c ardour-2.1/libs/libsndfile/src/flac.c
--- ardour-2.1~/libs/libsndfile/src/flac.c 2007-12-04 17:21:35.000000000 +0100
+++ ardour-2.1/libs/libsndfile/src/flac.c 2007-12-04 17:25:32.000000000 +0100
@@ -50,7 +50,7 @@
** Private static functions.
*/
-#define ENC_BUFFER_SIZE 4096
+#define ENC_BUFFER_SIZE 8192
typedef enum
{ PFLAC_PCM_SHORT = 0,
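Review bot: The doubled `ENC_BUFFER_SIZE` is a bare number, and nothing in this hunk says what bound it has to satisfy or why 8192 is sufficient. Since the patch is filed as the fix for CVE-2007-4974, the define should carry a comment naming the quantity it is sized against, for example `/* Must be >= <largest sample count written per call>; keep in sync with the blocksize check in the read path. */`. The buffer's users are outside the hunk, so the exact invariant has to be confirmed against them.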
@@ -172,6 +172,17 @@
const FLAC__int32* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset ;
+ /*
+ ** frame->header.blocksize is variable and we're using a constant blocksize
+ ** of FLAC__MAX_BLOCK_SIZE.
+ ** Check our assumptions here.
+ */
+ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
+ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
+ psf->error = SFE_INTERNAL ;
+ return 0 ;
+ }
+
if (pflac->ptr == NULL)
{ /*
** Not sure why this code is here and not elsewhere.
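Review bot: The added `psf_log_printf` call passes four arguments to a format string with only two `%d` conversions, so the first `%d` consumes `__func__` (a `const char *`) and the second consumes `__LINE__`. The block size and the limit are therefore never logged, and reading a pointer through `%d` is a type mismatch in a varargs call. Drop the two extra arguments, `psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;`, or add a matching `%s : %d` prefix to the format. The bounds check itself is what keeps the later `memcpy` inside the fixed-size buffer; the enclosing function starts and ends outside this hunk.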
@@ -180,7 +191,7 @@
pflac->bufferbackup = SF_TRUE ;
for (i = 0 ; i < frame->header.channels ; i++)
{ if (pflac->rbuffer [i] == NULL)
- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
+ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
} ;
pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;
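Review bot: The result of `calloc` is used by the `memcpy` on the next line without a NULL check, so an allocation failure becomes a write through a null pointer. Add `if (pflac->rbuffer [i] == NULL) { psf->error = SFE_MALLOC_FAILED ; return 0 ; }` between the two statements, matching the error return used by the new blocksize check earlier in the function. The loop also indexes `pflac->rbuffer [i]` up to `frame->header.channels`; the array's declared length is not visible here, so it is worth confirming that the channel count is bounded against it before this loop runs.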
applied and soon to be committed |
Issue has been closed automatically, by Trigger Close Plugin. Feel free to re-open with additional information if you think the issue is not resolved. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-04-03 21:57 | gothicx | New Issue | |
| 2008-04-03 21:57 | gothicx | File Added: CVE-2007-4974.patch | |
| 2008-04-17 06:05 | paul | Status | new => resolved |
| 2008-04-17 06:05 | paul | Resolution | open => fixed |
| 2008-04-17 06:05 | paul | Assigned To | => paul |
| 2008-04-17 06:05 | paul | Note Added: 0004868 | |
| 2020-04-19 20:13 | system | Note Added: 0021686 | |
| 2020-04-19 20:13 | system | Status | resolved => closed |