commit:     22ab7121945950659d4325be712f786164699a6c
Author:     Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  2 11:53:18 2021 +0000
Commit:     Miroslav Šulc <fordfrog <AT> gentoo <DOT> org>
CommitDate: Sat Jan  2 11:53:24 2021 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=22ab7121

media-sound/wavpack: fixed out of bound write

Bug: https://bugs.gentoo.org/762154
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Miroslav Šulc <fordfrog <AT> gentoo.org>

 .../files/wavpack-5.3.2-fix-overflows.patch        | 52 ++++++++++++++++++++++
 ...avpack-5.3.2.ebuild => wavpack-5.3.2-r1.ebuild} |  6 ++-
 2 files changed, 57 insertions(+), 1 deletion(-)

diff --git a/media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch 
b/media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch
new file mode 100644
index 00000000000..fbbd40ba8bd
--- /dev/null
+++ b/media-sound/wavpack/files/wavpack-5.3.2-fix-overflows.patch
@@ -0,0 +1,52 @@
+From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
+From: David Bryant <[email protected]>
+Date: Tue, 29 Dec 2020 20:47:19 -0800
+Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns
+ and sanitize a few more encoding parameters for clarity
+
+---
+ src/pack_utils.c | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/src/pack_utils.c b/src/pack_utils.c
+index 17d9381..480ab90 100644
+--- a/src/pack_utils.c
++++ b/src/pack_utils.c
+@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, 
WavpackConfig *config, int64
+         return FALSE;
+     }
+ 
+-    if (!num_chans) {
+-        strcpy (wpc->error_message, "channel count cannot be zero!");
++    if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
++        strcpy (wpc->error_message, "invalid channel count!");
++        return FALSE;
++    }
++
++    if (config->block_samples && (config->block_samples < 16 || 
config->block_samples > 131072)) {
++        strcpy (wpc->error_message, "invalid custom block samples!");
+         return FALSE;
+     }
+ 
+@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
+         if (wpc->config.num_channels == 1)
+             wpc->block_samples *= 2;
+ 
+-        while (wpc->block_samples > 12000 && wpc->block_samples * 
wpc->config.num_channels > 300000)
++        while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * 
wpc->config.num_channels > 300000)
+             wpc->block_samples /= 2;
+     }
+     else {
+@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
+ 
+         wpc->block_samples = wpc->config.sample_rate / divisor;
+ 
+-        while (wpc->block_samples > 12000 && wpc->block_samples * 
wpc->config.num_channels > 75000)
++        while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * 
wpc->config.num_channels > 75000)
+             wpc->block_samples /= 2;
+ 
+-        while (wpc->block_samples * wpc->config.num_channels < 20000)
++        while ((int64_t) wpc->block_samples * wpc->config.num_channels < 
20000)
+             wpc->block_samples *= 2;
+     }
+ 
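Review bot: The last loop in WavpackPackInit, `while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000) wpc->block_samples *= 2;`, still terminates only when both operands are at least 1. The cast widens the comparison but not the doubling, so a zero product would spin forever and a negative one would double until `block_samples` (presumably a 32-bit int, given the need for the cast) overflows. The new `num_chans <= 0` rejection in WavpackSetConfiguration64 covers the channel side only if that is the sole place `config.num_channels` is set, and whether `wpc->config.sample_rate / divisor` can be 0 depends on code outside the hunk. I would state the precondition at the loop, e.g. `/* requires block_samples >= 1 and num_channels >= 1, validated in WavpackSetConfiguration64 */`, or guard it with `if (wpc->block_samples < 1 || wpc->config.num_channels < 1) return FALSE;` ahead of the loops. Both functions begin and end outside the quoted hunks, and the bare limits 16 and 131072 in the block_samples check would be easier to audit as named constants.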

diff --git a/media-sound/wavpack/wavpack-5.3.2.ebuild 
b/media-sound/wavpack/wavpack-5.3.2-r1.ebuild
similarity index 91%
rename from media-sound/wavpack/wavpack-5.3.2.ebuild
rename to media-sound/wavpack/wavpack-5.3.2-r1.ebuild
index 33880cc9703..c34faa9eee4 100644
--- a/media-sound/wavpack/wavpack-5.3.2.ebuild
+++ b/media-sound/wavpack/wavpack-5.3.2-r1.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2020 Gentoo Authors
+# Copyright 1999-2021 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -23,6 +23,10 @@ DEPEND="${RDEPEND}"
 
 S="${WORKDIR}/WavPack-${COMMIT}"
 
+PATCHES=(
+       "${FILESDIR}/${P}-fix-overflows.patch"
+)
+
 src_prepare() {
        default
        eautoreconf
