Update of /cvsroot/audacity/audacity-src/src
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv24768
Modified Files:
Tag: Audacity_UmixIt
Envelope.cpp LabelTrack.cpp Sequence.cpp Tags.cpp
WaveTrack.cpp
Log Message:
Further changes for NGS security vulnerability report for UmixIt, per comments
from Markus.
Index: LabelTrack.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/LabelTrack.cpp,v
retrieving revision 1.21.2.7.2.2
retrieving revision 1.21.2.7.2.3
diff -u -d -r1.21.2.7.2.2 -r1.21.2.7.2.3
--- LabelTrack.cpp 18 Dec 2006 05:26:23 -0000 1.21.2.7.2.2
+++ LabelTrack.cpp 20 Dec 2006 22:55:45 -0000 1.21.2.7.2.3
@@ -419,7 +419,7 @@
return true;
}
else if (!strcmp(tag, "labeltrack")) {
- long nValue;
+ long nValue = -1;
while (*attrs) {
const char *attr = *attrs++;
const char *value = *attrs++;
Index: WaveTrack.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/WaveTrack.cpp,v
retrieving revision 1.51.2.2.2.2
retrieving revision 1.51.2.2.2.3
diff -u -d -r1.51.2.2.2.2 -r1.51.2.2.2.3
--- WaveTrack.cpp 18 Dec 2006 05:26:23 -0000 1.51.2.2.2.2
+++ WaveTrack.cpp 20 Dec 2006 22:55:45 -0000 1.51.2.2.2.3
@@ -911,7 +911,7 @@
}
else if (!strcmp(attr, "linked") &&
XMLValueChecker::IsGoodInt(strValue) &&
strValue.ToLong(&nValue))
- mLinked = (bool)nValue;
+ mLinked = (nValue != 0);
} // while
return true;
Index: Sequence.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Sequence.cpp,v
retrieving revision 1.21.4.5.2.4
retrieving revision 1.21.4.5.2.5
diff -u -d -r1.21.4.5.2.4 -r1.21.4.5.2.5
--- Sequence.cpp 18 Dec 2006 05:26:23 -0000 1.21.4.5.2.4
+++ Sequence.cpp 20 Dec 2006 22:55:45 -0000 1.21.4.5.2.5
@@ -666,7 +666,7 @@
}
else if (!strcmp(attr, "sampleformat"))
{
- if ((nValue != int16Sample) && (nValue != int24Sample) && (nValue
!= floatSample))
+ if (!XMLValueChecker::IsValidSampleFormat(nValue))
{
mErrorOpening = true;
return false;
Index: Tags.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Tags.cpp,v
retrieving revision 1.20.2.4.2.1
retrieving revision 1.20.2.4.2.2
diff -u -d -r1.20.2.4.2.1 -r1.20.2.4.2.2
--- Tags.cpp 17 Dec 2006 05:34:38 -0000 1.20.2.4.2.1
+++ Tags.cpp 20 Dec 2006 22:55:45 -0000 1.20.2.4.2.2
@@ -137,7 +137,7 @@
else if (!strcmp(attr, "comments") &&
XMLValueChecker::IsGoodString(strValue))
mComments = strValue;
else if (!strcmp(attr, "id3v2") && XMLValueChecker::IsGoodInt(strValue)
&& strValue.ToLong(&nValue))
- mID3V2 = (bool)nValue;
+ mID3V2 = (nValue != 0);
} // while
return true;
Index: Envelope.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/Envelope.cpp,v
retrieving revision 1.27.2.6.2.2
retrieving revision 1.27.2.6.2.3
diff -u -d -r1.27.2.6.2.2 -r1.27.2.6.2.3
--- Envelope.cpp 18 Dec 2006 05:26:22 -0000 1.27.2.6.2.2
+++ Envelope.cpp 20 Dec 2006 22:55:45 -0000 1.27.2.6.2.3
@@ -208,7 +208,7 @@
{
if (!strcmp(tag, "envelope")) {
int numPoints = 0;
- long nValue;
+ long nValue = -1;
while (*attrs) {
const char *attr = *attrs++;
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Audacity-cvs mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/audacity-cvs
