blob: 0e475a3e44e6f20b64a476c4f4cde07e0e9fe2fa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260
Based on an upstream commit, original commit message was: "Added sanity
checks against illegal input audio stream parameters e.g. wildly excessive
samplerate".
.
There is no reference to CVEs or bugs, the commit was made after disclosure
of the CVEs and all three proofs of concept (crafted wav files) fail after
this commit.
.
The commit was made after version 2.0.0, so that version is also vulnerable.
.
Unrelated changes were stripped away by patch author, upstream commit author
is Olli Parviainen <oparviai@iki.fi>.
Author: Gabor Karsay <gabor.karsay@gmx.at>
Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -128,7 +128,12 @@
int aSeekWindowMS, int aOverlapMS)
{
// accept only positive parameter values - if zero or negative, use old values instead
- if (aSampleRate > 0) this->sampleRate = aSampleRate;
+ if (aSampleRate > 0)
+ {
+ if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate");
+ this->sampleRate = aSampleRate;
+ }
+
if (aOverlapMS > 0) this->overlapMs = aOverlapMS;
if (aSequenceMS > 0)
|