Sisyphus repositório
Última atualização: 1 outubro 2023 | SRPMs: 18631 | Visitas: 37567778
en ru br
ALT Linux repositórios
S:2.15.0-alt1.2
5.0: 2.13.2-alt9
4.1: 2.13.2-alt8
4.0: 2.13.2-alt6
3.0: 2.13.1-alt1.1

Group :: Som
RPM: TiMidity++

 Main   Changelog   Spec   Patches   Sources   Download   Gear   Bugs e FR  Repocop 

Patch: TiMidity++-suse-timidity-resample-frac-overflow-fix.patch
Download

From: Takashi Iwai <tiwai@suse.de>
Subject: resample: Fix out-of-bound access in resamplers
References: CVE-2017-11547
An adhoc fix for out-of-bound accesses in resamples.
The offset might overflow the given data range.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
--- a/timidity/resample.c
+++ b/timidity/resample.c
@@ -57,6 +57,8 @@ static resample_t resample_cspline(sample_t *src, splen_t ofs, resample_rec_t *r
 {
     int32 ofsi, ofsf, v0, v1, v2, v3, temp;
 
+    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
+      return src[ofs >> FRACTION_BITS];
     ofsi = ofs >> FRACTION_BITS;
     v1 = src[ofsi];
     v2 = src[ofsi + 1];
@@ -96,6 +98,8 @@ static resample_t resample_lagrange(sample_t *src, splen_t ofs, resample_rec_t *
 {
     int32 ofsi, ofsf, v0, v1, v2, v3;
 
+    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
+      return src[ofs >> FRACTION_BITS];
     ofsi = ofs >> FRACTION_BITS;
     v1 = (int32)src[ofsi];
     v2 = (int32)src[ofsi + 1];
@@ -154,6 +158,8 @@ static resample_t resample_gauss(sample_t *src, splen_t ofs, resample_rec_t *rec
     sample_t *sptr;
     int32 left, right, temp_n;
 
+    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
+      return src[ofs >> FRACTION_BITS];
     left = (ofs>>FRACTION_BITS);
     right = (rec->data_length>>FRACTION_BITS) - left - 1;
     temp_n = (right<<1)-1;
@@ -261,6 +267,8 @@ static resample_t resample_newton(sample_t *src, splen_t ofs, resample_rec_t *re
     int32 left, right, temp_n;
     int ii, jj;
 
+    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
+      return src[ofs >> FRACTION_BITS];
     left = (ofs>>FRACTION_BITS);
     right = (rec->data_length>>FRACTION_BITS)-(ofs>>FRACTION_BITS)-1;
     temp_n = (right<<1)-1;
@@ -330,6 +338,8 @@ static resample_t resample_linear(sample_t *src, splen_t ofs, resample_rec_t *re
 {
     int32 v1, v2, ofsi;
 
+    if (ofs + (1 << FRACTION_BITS) >= rec->data_length)
+      return src[ofs >> FRACTION_BITS];
     ofsi = ofs >> FRACTION_BITS;
     v1 = src[ofsi];
     v2 = src[ofsi + 1];








 






	projeto & código: Vladimir Lettiev aka crux © 2004-2005, 
	Andrew Avramenko aka liks © 2007-2008

	mantenedor atual: Michael Shigorin

	mantenedor da tradução: Fernando Martini aka fmartini © 2009