Update of /cvsroot/audacity/audacity-src/src/blockfile
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv12696/src/blockfile
Modified Files:
Tag: AUDACITY_1_2
LegacyAliasBlockFile.cpp LegacyBlockFile.cpp
PCMAliasBlockFile.cpp SilentBlockFile.cpp SimpleBlockFile.cpp
Log Message:
Backport NGS security fixes for UmixIt to AUDACITY_1_2,
plus a fix to reduce flickering when importing multiple files.
Index: LegacyBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/LegacyBlockFile.cpp,v
retrieving revision 1.8
retrieving revision 1.8.2.1
diff -u -d -r1.8 -r1.8.2.1
--- LegacyBlockFile.cpp 19 Sep 2003 08:09:24 -0000 1.8
+++ LegacyBlockFile.cpp 12 Jan 2007 00:27:43 -0000 1.8.2.1
@@ -251,24 +251,45 @@
wxFileName fileName;
sampleCount summaryLen = 0;
int noRMS = 0;
+ long nValue;
while(*attrs)
{
const char *attr = *attrs++;
const char *value = *attrs++;
+ if (!value)
+ break;
+
+ const wxString strValue = value;
if( !strcmp(attr, "name") )
- fileName.Assign(projDir, value);
+ {
+ if (!XMLValueChecker::IsGoodFileName(strValue, projDir))
+ return NULL;
+ fileName.Assign(projDir, strValue);
+ }
+ else if (XMLValueChecker::IsGoodInt(strValue) &&
strValue.ToLong(&nValue))
+ { // integer parameters
if( !strcmp(attr, "len") )
- len = atoi(value);
+ len = nValue;
if( !strcmp(attr, "norms") )
noRMS = (bool)atoi(value);
if( !strcmp(attr, "format") )
- format = (sampleFormat)atoi(value);
+ {
+ if (!XMLValueChecker::IsValidSampleFormat(nValue))
+ return NULL;
+ format = (sampleFormat)nValue;
+ }
if( !strcmp(attr, "summarylen") )
- summaryLen = atoi(value);
+ summaryLen = nValue;
+ }
}
+ if (!XMLValueChecker::IsGoodFileName(fileName.GetFullName(),
+ fileName.GetPath(wxPATH_GET_VOLUME))
||
+ (len <= 0) || (summaryLen <= 0))
+ return NULL;
+
return new LegacyBlockFile(fileName, format, summaryLen, len, noRMS);
}
Index: LegacyAliasBlockFile.cpp
===================================================================
RCS file:
/cvsroot/audacity/audacity-src/src/blockfile/LegacyAliasBlockFile.cpp,v
retrieving revision 1.3
retrieving revision 1.3.2.1
diff -u -d -r1.3 -r1.3.2.1
--- LegacyAliasBlockFile.cpp 15 Jun 2003 07:24:39 -0000 1.3
+++ LegacyAliasBlockFile.cpp 12 Jan 2007 00:27:43 -0000 1.3.2.1
@@ -83,32 +83,59 @@
{
wxFileName summaryFileName;
wxFileName aliasFileName;
-
int aliasStart=0, aliasLen=0, aliasChannel=0;
int summaryLen=0;
bool noRMS = false;
+ long nValue;
while(*attrs)
{
const char *attr = *attrs++;
const char *value = *attrs++;
+ if (!value)
+ break;
+
+ const wxString strValue = value;
if( !wxStricmp(attr, "name") )
- summaryFileName.Assign(projDir, value, "");
- if( !wxStricmp(attr, "aliaspath") )
- aliasFileName.Assign(value);
+ {
+ if (!XMLValueChecker::IsGoodFileName(strValue, projDir))
+ return NULL;
+ summaryFileName.Assign(projDir, strValue, "");
+ }
+ else if ( !wxStricmp(attr, "aliaspath") )
+ {
+ if (XMLValueChecker::IsGoodPathName(strValue))
+ aliasFileName.Assign(strValue);
+ else if (XMLValueChecker::IsGoodFileName(strValue, projDir))
+ // Allow fallback of looking for the file name, located in the
data directory.
+ aliasFileName.Assign(projDir, strValue);
+ else
+ return NULL;
+ }
+ else if (XMLValueChecker::IsGoodInt(strValue) &&
strValue.ToLong(&nValue))
+ { // integer parameters
if( !wxStricmp(attr, "aliasstart") )
- aliasStart = atoi(value);
+ aliasStart = nValue;
if( !wxStricmp(attr, "aliaslen") )
- aliasLen = atoi(value);
+ aliasLen = nValue;
if( !wxStricmp(attr, "aliaschannel") )
- aliasChannel = atoi(value);
+ aliasChannel = nValue;
if( !wxStricmp(attr, "summarylen") )
- summaryLen = atoi(value);
+ summaryLen = nValue;
if( !wxStricmp(attr, "norms") )
- noRMS = (bool)atoi(value);
+ noRMS = (nValue != 0);
+ }
}
+ if (!XMLValueChecker::IsGoodFileName(summaryFileName.GetFullName(),
+
summaryFileName.GetPath(wxPATH_GET_VOLUME)) ||
+ !XMLValueChecker::IsGoodFileName(aliasFileName.GetFullName(),
+
aliasFileName.GetPath(wxPATH_GET_VOLUME)) ||
+ (aliasStart < 0) || (aliasLen <= 0) ||
+ !XMLValueChecker::IsValidChannel(aliasChannel) || (summaryLen <= 0))
+ return NULL;
+
return new LegacyAliasBlockFile(summaryFileName, aliasFileName,
aliasStart, aliasLen, aliasChannel,
summaryLen, noRMS);
Index: SilentBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/SilentBlockFile.cpp,v
retrieving revision 1.1
retrieving revision 1.1.4.1
diff -u -d -r1.1 -r1.1.4.1
--- SilentBlockFile.cpp 27 Apr 2003 21:11:14 -0000 1.1
+++ SilentBlockFile.cpp 12 Jan 2007 00:27:48 -0000 1.1.4.1
@@ -46,6 +46,7 @@
/// static
BlockFile *SilentBlockFile::BuildFromXML(wxString projDir, const char **attrs)
{
+ long nValue;
sampleCount len = 0;
while(*attrs)
@@ -53,10 +54,18 @@
const char *attr = *attrs++;
const char *value = *attrs++;
- if( !strcmp(attr, "len") )
- len = atoi(value);
+ if (!value)
+ break;
+
+ const wxString strValue = value;
+ if( !strcmp(attr, "len") &&
+ XMLValueChecker::IsGoodInt(strValue) && strValue.ToLong(&nValue))
+ len = nValue;
}
+ if (len <= 0)
+ return NULL;
+
return new SilentBlockFile(len);
}
Index: SimpleBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/SimpleBlockFile.cpp,v
retrieving revision 1.8.2.2
retrieving revision 1.8.2.3
diff -u -d -r1.8.2.2 -r1.8.2.3
--- SimpleBlockFile.cpp 29 May 2004 04:57:50 -0000 1.8.2.2
+++ SimpleBlockFile.cpp 12 Jan 2007 00:27:48 -0000 1.8.2.3
@@ -246,24 +246,42 @@
wxFileName fileName;
float min=0, max=0, rms=0;
sampleCount len = 0;
+ double dblValue;
+ long nValue;
while(*attrs)
{
const char *attr = *attrs++;
const char *value = *attrs++;
+ if (!value)
+ break;
+
+ const wxString strValue = value;
if( !strcmp(attr, "filename") )
- fileName.Assign(projDir, value);
- if( !strcmp(attr, "len") )
- len = atoi(value);
- if( !strcmp(attr, "min") )
- min = Internat::CompatibleToDouble(value);
- if( !strcmp(attr, "max") )
- max = Internat::CompatibleToDouble(value);
- if( !strcmp(attr, "rms") )
- rms = Internat::CompatibleToDouble(value);
+ {
+ if (!XMLValueChecker::IsGoodFileName(strValue, projDir))
+ return NULL;
+ fileName.Assign(projDir, strValue);
+ }
+ else if( !strcmp(attr, "len") && XMLValueChecker::IsGoodInt(strValue)
&& strValue.ToLong(&nValue))
+ len = nValue;
+ else if( !strcmp(attr, "min") &&
+ XMLValueChecker::IsGoodString(strValue) &&
Internat::CompatibleToDouble(strValue, &dblValue))
+ min = dblValue;
+ else if( !strcmp(attr, "max") &&
+ XMLValueChecker::IsGoodString(strValue) &&
Internat::CompatibleToDouble(strValue, &dblValue))
+ max = dblValue;
+ else if( !strcmp(attr, "rms") &&
+ XMLValueChecker::IsGoodString(strValue) &&
Internat::CompatibleToDouble(strValue, &dblValue))
+ rms = dblValue;
}
+ if (!XMLValueChecker::IsGoodFileName(fileName.GetFullName(),
+ fileName.GetPath(wxPATH_GET_VOLUME))
||
+ (len <= 0) || (rms < 0.0))
+ return NULL;
+
return new SimpleBlockFile(fileName, len, min, max, rms);
}
Index: PCMAliasBlockFile.cpp
===================================================================
RCS file: /cvsroot/audacity/audacity-src/src/blockfile/PCMAliasBlockFile.cpp,v
retrieving revision 1.4.2.2
retrieving revision 1.4.2.3
diff -u -d -r1.4.2.2 -r1.4.2.3
--- PCMAliasBlockFile.cpp 5 Dec 2006 03:36:08 -0000 1.4.2.2
+++ PCMAliasBlockFile.cpp 12 Jan 2007 00:27:44 -0000 1.4.2.3
@@ -38,8 +38,6 @@
{
}
-wxString gProjDir = ""; // Needs to be set in BuildFromXML, so just use a
global instead of a member.
-
/// Reads the specified data from the aliased file, using libsndfile,
/// and converts it to the given sample format.
///
@@ -54,13 +52,7 @@
memset(&info, 0, sizeof(info));
- wxString strFullPath = mAliasedFileName.GetFullPath();
- SNDFILE *sf = sf_open(FILENAME(strFullPath), SFM_READ, &info);
- if (!sf) {
- // Allow fallback of looking for the file name, located in the data
directory.
- strFullPath = gProjDir + "\\" + mAliasedFileName.GetFullName();
- sf = sf_open(FILENAME(strFullPath), SFM_READ, &info);
- }
+ SNDFILE *sf = sf_open(FILENAME(mAliasedFileName.GetFullPath()), SFM_READ,
&info);
if (!sf)
return 0;
@@ -135,36 +127,61 @@
BlockFile *PCMAliasBlockFile::BuildFromXML(wxString projDir, const char
**attrs)
{
- gProjDir = projDir;
-
wxFileName summaryFileName;
wxFileName aliasFileName;
int aliasStart=0, aliasLen=0, aliasChannel=0;
float min=0, max=0, rms=0;
+ long nValue;
while(*attrs)
{
const char *attr = *attrs++;
const char *value = *attrs++;
+ if (!value)
+ break;
+ const wxString strValue = value;
if( !wxStricmp(attr, "summaryfile") )
- summaryFileName.Assign(projDir, value);
- if( !wxStricmp(attr, "aliasfile") )
- aliasFileName.Assign(value);
+ {
+ if (!XMLValueChecker::IsGoodFileName(strValue, projDir))
+ return NULL;
+ summaryFileName.Assign(projDir, strValue);
+ }
+ else if( !wxStricmp(attr, "aliasfile") )
+ {
+ if (XMLValueChecker::IsGoodPathName(strValue))
+ aliasFileName.Assign(strValue);
+ else if (XMLValueChecker::IsGoodFileName(strValue, projDir))
+ // Allow fallback of looking for the file name, located in the
data directory.
+ aliasFileName.Assign(projDir, strValue);
+ else
+ return NULL;
+ }
+ else if (XMLValueChecker::IsGoodInt(strValue) &&
strValue.ToLong(&nValue))
+ { // integer parameters
if( !wxStricmp(attr, "aliasstart") )
- aliasStart = atoi(value);
- if( !wxStricmp(attr, "aliaslen") )
- aliasLen = atoi(value);
- if( !wxStricmp(attr, "aliaschannel") )
- aliasChannel = atoi(value);
- if( !wxStricmp(attr, "min") )
- min = atoi(value);
- if( !wxStricmp(attr, "max") )
- max = atoi(value);
- if( !wxStricmp(attr, "rms") )
- rms = atoi(value);
+ aliasStart = nValue;
+ else if( !wxStricmp(attr, "aliaslen") )
+ aliasLen = nValue;
+ else if( !wxStricmp(attr, "aliaschannel") )
+ aliasChannel = nValue;
+ else if( !wxStricmp(attr, "min") )
+ min = nValue;
+ else if( !wxStricmp(attr, "max") )
+ max = nValue;
+ else if( !wxStricmp(attr, "rms") )
+ rms = nValue;
+ }
}
+ if (!XMLValueChecker::IsGoodFileName(summaryFileName.GetFullName(),
+
summaryFileName.GetPath(wxPATH_GET_VOLUME)) ||
+ !XMLValueChecker::IsGoodFileName(aliasFileName.GetFullName(),
+
aliasFileName.GetPath(wxPATH_GET_VOLUME)) ||
+ (aliasStart < 0) || (aliasLen <= 0) ||
+ !XMLValueChecker::IsValidChannel(aliasChannel) || (rms < 0.0))
+ return NULL;
+
return new PCMAliasBlockFile(summaryFileName, aliasFileName,
aliasStart, aliasLen, aliasChannel,
min, max, rms);
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Audacity-cvs mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/audacity-cvs
