[Audacity-cvs] audacity-src/src/blockfile LegacyAliasBlockFile.cpp, 1.3.6.2, 1.3.6.3 LegacyBlockFile.cpp, 1.8.6.3, 1.8.6.4 PCMAliasBlockFile.cpp, 1.4.2.1.4.4, 1.4.2.1.4.5 SilentBlockFile.cpp, 1.1.8.1, 1.1.8.2 SimpleBlockFile.cpp, 1.8.2.2.2.3, 1.8.2.2.2.4

Wed, 20 Dec 2006 14:56:20 -0800 

Update of /cvsroot/audacity/audacity-src/src/blockfile
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv24768/blockfile

Modified Files:
      Tag: Audacity_UmixIt
        LegacyAliasBlockFile.cpp LegacyBlockFile.cpp 
        PCMAliasBlockFile.cpp SilentBlockFile.cpp SimpleBlockFile.cpp 
Log Message:
Further changes for NGS security vulnerability report for UmixIt, per comments 
from Markus.

Index: LegacyBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/LegacyBlockFile.cpp,v
retrieving revision 1.8.6.3
retrieving revision 1.8.6.4
diff -u -d -r1.8.6.3 -r1.8.6.4
--- LegacyBlockFile.cpp 18 Dec 2006 05:26:23 -0000      1.8.6.3
+++ LegacyBlockFile.cpp 20 Dec 2006 22:55:45 -0000      1.8.6.4
@@ -273,10 +273,10 @@
          if( !strcmp(attr, "len") )
             len = nValue;
          if( !strcmp(attr, "norms") )
-            noRMS = (bool)nValue;
+            noRMS = (nValue != 0);
          if( !strcmp(attr, "format") )
          {
-            if ((nValue != int16Sample) && (nValue != int24Sample) && (nValue 
!= floatSample))
+            if (!XMLValueChecker::IsValidSampleFormat(nValue))
                return NULL;
             format = (sampleFormat)nValue;
          }
@@ -287,7 +287,7 @@
 
    if (!XMLValueChecker::IsGoodFileName(fileName.GetFullName(), 
                                          fileName.GetPath(wxPATH_GET_VOLUME)) 
|| 
-         (len < 0) || (summaryLen < 0))
+         (len <= 0) || (summaryLen <= 0))
       return NULL;
 
    return new LegacyBlockFile(fileName, format, summaryLen, len, noRMS);

Index: LegacyAliasBlockFile.cpp
===================================================================
RCS file: 
/cvsroot/audacity/audacity-src/src/blockfile/LegacyAliasBlockFile.cpp,v
retrieving revision 1.3.6.2
retrieving revision 1.3.6.3
diff -u -d -r1.3.6.2 -r1.3.6.3
--- LegacyAliasBlockFile.cpp    17 Dec 2006 05:34:38 -0000      1.3.6.2
+++ LegacyAliasBlockFile.cpp    20 Dec 2006 22:55:45 -0000      1.3.6.3
@@ -124,7 +124,7 @@
          if( !wxStricmp(attr, "summarylen") )
             summaryLen = nValue;
          if( !wxStricmp(attr, "norms") )
-            noRMS = (bool)nValue;
+            noRMS = (nValue != 0);
        }
    }
 
@@ -132,7 +132,8 @@
                                          
summaryFileName.GetPath(wxPATH_GET_VOLUME)) || 
          !XMLValueChecker::IsGoodFileName(aliasFileName.GetFullName(), 
                                           
aliasFileName.GetPath(wxPATH_GET_VOLUME)) ||
-         (aliasStart < 0) || (aliasLen < 0) || (aliasChannel < 0) || 
(aliasChannel > 2) || (summaryLen < 0))
+         (aliasStart < 0) || (aliasLen <= 0) || 
+         !XMLValueChecker::IsValidChannel(aliasChannel) || (summaryLen <= 0))
       return NULL;
 
    return new LegacyAliasBlockFile(summaryFileName, aliasFileName,

Index: SilentBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/SilentBlockFile.cpp,v
retrieving revision 1.1.8.1
retrieving revision 1.1.8.2
diff -u -d -r1.1.8.1 -r1.1.8.2
--- SilentBlockFile.cpp 17 Dec 2006 05:34:38 -0000      1.1.8.1
+++ SilentBlockFile.cpp 20 Dec 2006 22:55:45 -0000      1.1.8.2
@@ -63,7 +63,7 @@
           len = nValue;
    }
 
-   if (len < 0)
+   if (len <= 0)
       return NULL;
 
    return new SilentBlockFile(len);

Index: SimpleBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/SimpleBlockFile.cpp,v
retrieving revision 1.8.2.2.2.3
retrieving revision 1.8.2.2.2.4
diff -u -d -r1.8.2.2.2.3 -r1.8.2.2.2.4
--- SimpleBlockFile.cpp 18 Dec 2006 05:26:23 -0000      1.8.2.2.2.3
+++ SimpleBlockFile.cpp 20 Dec 2006 22:55:45 -0000      1.8.2.2.2.4
@@ -279,7 +279,7 @@
 
    if (!XMLValueChecker::IsGoodFileName(fileName.GetFullName(), 
                                          fileName.GetPath(wxPATH_GET_VOLUME)) 
|| 
-         (len < 0) || (rms < 0.0))
+         (len <= 0) || (rms < 0.0))
       return NULL;
 
    return new SimpleBlockFile(fileName, len, min, max, rms);

Index: PCMAliasBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/PCMAliasBlockFile.cpp,v
retrieving revision 1.4.2.1.4.4
retrieving revision 1.4.2.1.4.5
diff -u -d -r1.4.2.1.4.4 -r1.4.2.1.4.5
--- PCMAliasBlockFile.cpp       18 Dec 2006 05:26:23 -0000      1.4.2.1.4.4
+++ PCMAliasBlockFile.cpp       20 Dec 2006 22:55:45 -0000      1.4.2.1.4.5
@@ -178,7 +178,8 @@
                                          
summaryFileName.GetPath(wxPATH_GET_VOLUME)) || 
          !XMLValueChecker::IsGoodFileName(aliasFileName.GetFullName(), 
                                           
aliasFileName.GetPath(wxPATH_GET_VOLUME)) ||
-         (aliasStart < 0) || (aliasLen < 0) || (aliasChannel < 0) || 
(aliasChannel > 2) || (rms < 0.0))
+         (aliasStart < 0) || (aliasLen <= 0) || 
+         !XMLValueChecker::IsValidChannel(aliasChannel) || (rms < 0.0))
       return NULL;
 
    return new PCMAliasBlockFile(summaryFileName, aliasFileName,


-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Audacity-cvs mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/audacity-cvs

Reply via email to