gnu: soundtouch: Fix CVE-2018-{1000223,14044,14045}.

* gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch,
gnu/packages/patches/soundtouch-CVE-2018-1000223.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/audio.scm (soundtouch)[source]: Use them.

1 files changed, 138 insertions, 0 deletions

diff --git a/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch b/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
new file mode 100644
index 0000000000..cc0282fc7b
--- /dev/null
+++ b/gnu/packages/patches/soundtouch-CVE-2018-14044-14045.patch
@@ -0,0 +1,138 @@
+Fix CVE-2018-14044 and CVE-2018-14045:
+
+https://gitlab.com/soundtouch/soundtouch/issues/7
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045
+
+Patch copied from upstream source repository:
+
+https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260
+
+From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001
+From: oparviainen <oparviai@iki.fi>
+Date: Sun, 12 Aug 2018 20:00:56 +0300
+Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time
+ exception
+
+---
+ include/FIFOSamplePipe.h               | 12 ++++++++++++
+ include/STTypes.h                      |  3 +++
+ source/SoundTouch/FIFOSampleBuffer.cpp |  3 ++-
+ source/SoundTouch/RateTransposer.cpp   |  5 ++---
+ source/SoundTouch/SoundTouch.cpp       |  8 ++------
+ source/SoundTouch/TDStretch.cpp        |  5 ++---
+ 6 files changed, 23 insertions(+), 13 deletions(-)
+
+diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h
+index 4ec9275..b08f836 100644
+--- a/include/FIFOSamplePipe.h
++++ b/include/FIFOSamplePipe.h
+@@ -51,6 +51,18 @@ namespace soundtouch
+ /// Abstract base class for FIFO (first-in-first-out) sample processing classes.

+ class FIFOSamplePipe

+ {

++protected:

++

++    bool verifyNumberOfChannels(int nChannels) const

++    {

++        if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))

++        {

++            return true;

++        }

++        ST_THROW_RT_ERROR("Error: Illegal number of channels");

++        return false;

++    }

++

+ public:

+     // virtual default destructor

+     virtual ~FIFOSamplePipe() {}

+diff --git a/include/STTypes.h b/include/STTypes.h
+index 03e7e07..862505e 100644
+--- a/include/STTypes.h
++++ b/include/STTypes.h
+@@ -56,6 +56,9 @@ typedef unsigned long   ulong;
+ 

+ namespace soundtouch

+ {

++    /// Max allowed number of channels

++    #define SOUNDTOUCH_MAX_CHANNELS     16

++

+     /// Activate these undef's to overrule the possible sampletype 

+     /// setting inherited from some other header file:

+     //#undef SOUNDTOUCH_INTEGER_SAMPLES

+diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp
+index f0d5e42..706e869 100644
+--- a/source/SoundTouch/FIFOSampleBuffer.cpp
++++ b/source/SoundTouch/FIFOSampleBuffer.cpp
+@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels)
+ {

+     uint usedBytes;

+ 

+-    assert(numChannels > 0);

++    if (!verifyNumberOfChannels(numChannels)) return;

++

+     usedBytes = channels * samplesInBuffer;

+     channels = (uint)numChannels;

+     samplesInBuffer = usedBytes / channels;

+diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp
+index 8b66be3..d115a4c 100644
+--- a/source/SoundTouch/RateTransposer.cpp
++++ b/source/SoundTouch/RateTransposer.cpp
+@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples)
+ // Sets the number of channels, 1 = mono, 2 = stereo

+ void RateTransposer::setChannels(int nChannels)

+ {

+-    assert(nChannels > 0);

++    if (!verifyNumberOfChannels(nChannels) ||

++        (pTransposer->numChannels == nChannels)) return;

+ 

+-    if (pTransposer->numChannels == nChannels) return;

+     pTransposer->setChannels(nChannels);

+-

+     inputBuffer.setChannels(nChannels);

+     midBuffer.setChannels(nChannels);

+     outputBuffer.setChannels(nChannels);

+diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp
+index 7b6756b..06bdd56 100644
+--- a/source/SoundTouch/SoundTouch.cpp
++++ b/source/SoundTouch/SoundTouch.cpp
+@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId()
+ // Sets the number of channels, 1 = mono, 2 = stereo

+ void SoundTouch::setChannels(uint numChannels)

+ {

+-    /*if (numChannels != 1 && numChannels != 2) 

+-    {

+-        //ST_THROW_RT_ERROR("Illegal number of channels");

+-        return;

+-    }*/

++    if (!verifyNumberOfChannels(numChannels)) return;

++

+     channels = numChannels;

+     pRateTransposer->setChannels((int)numChannels);

+     pTDStretch->setChannels((int)numChannels);

+ }

+ 

+ 

+-

+ // Sets new rate control value. Normal rate = 1.0, smaller values

+ // represent slower rate, larger faster rates.

+ void SoundTouch::setRate(double newRate)

+diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp
+index 149cdb9..be2dc88 100644
+--- a/source/SoundTouch/TDStretch.cpp
++++ b/source/SoundTouch/TDStretch.cpp
+@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo)
+ // Sets the number of channels, 1 = mono, 2 = stereo

+ void TDStretch::setChannels(int numChannels)

+ {

+-    assert(numChannels > 0);

+-    if (channels == numChannels) return;

+-//    assert(numChannels == 1 || numChannels == 2);

++    if (!verifyNumberOfChannels(numChannels) ||

++        (channels == numChannels)) return;

+ 

+     channels = numChannels;

+     inputBuffer.setChannels(channels);

+-- 
+2.18.0
+