From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
From: David Bryant
Date: Tue, 29 Dec 2020 20:47:19 -0800
Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns and sanitize a few more encoding parameters for clarity
---
 src/pack_utils.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/pack_utils.c b/src/pack_utils.c
index 17d9381..480ab90 100644
--- a/src/pack_utils.c
+++ b/src/pack_utils.c
@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
 return FALSE;
 }
- if (!num_chans) {
- strcpy (wpc->error_message, "channel count cannot be zero!");
+ if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
+ strcpy (wpc->error_message, "invalid channel count!");
+ return FALSE;
+ }
+
+ if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
+ strcpy (wpc->error_message, "invalid custom block samples!");
 return FALSE;
 }
@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
 if (wpc->config.num_channels == 1)
 wpc->block_samples *= 2;
- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000)
+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000)
 wpc->block_samples /= 2;
 }
 else {
@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
 wpc->block_samples = wpc->config.sample_rate / divisor;
- while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000)
+ while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000)
 wpc->block_samples /= 2;
- while (wpc->block_samples * wpc->config.num_channels < 20000)
+ while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)
 wpc->block_samples *= 2;
 }
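Review bot: In the first hunk (WavpackSetConfiguration64) the channel count and the custom block size are each bounded on their own, but nothing visible bounds their product, and the limits `16` and `131072` are bare literals with no stated rationale. If any buffer size downstream is computed as block_samples * num_chans times a sample size in a 32-bit type, the maximum of both limits together should be confirmed to fit; that code is outside this hunk. I would name the limits and record what they protect, e.g. `/* custom block size limits; keep block_samples * num_chans within what the pack buffers are sized for */` above the new check. The function starts and ends outside the hunk.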
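Review bot: The widening cast is written out by hand in three loop conditions (the second hunk and both loops in the third hunk of WavpackPackInit), so a later edit that copies one of these conditions without the cast would bring the narrow multiplication back unnoticed. Computing the product in one place keeps the fix in a single spot, e.g. `static int64_t block_total (const WavpackContext *wpc) { return (int64_t) wpc->block_samples * wpc->config.num_channels; }`. At minimum the first loop should carry a comment such as `/* widen first: block_samples * num_channels can exceed 32 bits */`. WavpackPackInit starts and ends outside the hunk.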
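Review bot: The last loop in the third hunk, `while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)` with body `wpc->block_samples *= 2;`, terminates only if block_samples is non-zero after `wpc->config.sample_rate / divisor`; a zero quotient stays zero under doubling and the loop never exits. Whether sample_rate and divisor rule that out is decided outside the hunk, so it should be confirmed rather than assumed. If it is not guaranteed, a guard before the loop such as `if (!wpc->block_samples) return FALSE;`, with an error message set as WavpackSetConfiguration64 does, would turn a hang on a bad configuration into a clean failure.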