diff options
Diffstat (limited to 'gnu/packages/patches/wavpack-CVE-2018-7253.patch')
| -rw-r--r-- | gnu/packages/patches/wavpack-CVE-2018-7253.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/gnu/packages/patches/wavpack-CVE-2018-7253.patch b/gnu/packages/patches/wavpack-CVE-2018-7253.patch deleted file mode 100644 index 651755afd0..0000000000 --- a/gnu/packages/patches/wavpack-CVE-2018-7253.patch +++ /dev/null @@ -1,29 +0,0 @@ -Fix CVE-2018-7253: -https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253 - -Copied from upstream: -https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec - -diff --git a/cli/dsdiff.c b/cli/dsdiff.c -index 410dc1c..c016df9 100644 ---- a/cli/dsdiff.c -+++ b/cli/dsdiff.c -@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa - error_line ("dsdiff file version = 0x%08x", version); - } - else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) { -- char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); -+ char *prop_chunk; -+ -+ if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { -+ error_line ("%s is not a valid .DFF file!", infilename); -+ return WAVPACK_SOFT_ERROR; -+ } -+ -+ if (debug_logging_mode) -+ error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize); -+ -+ prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); - - if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || - bcount != dff_chunk_header.ckDataSize) { |