commit 18e39112376f488bf57ca6527d42afc644f06a94 (HEAD -> patch-queue/master)
Author: Bastien Roucariès <rouca@debian.org>
Date: Sat Nov 11 17:43:19 2023 +0000
Partial fix of CVE-2019-13147
This is the fix of the POC. Do not allow too many channel
Now it fail with:
Audio File Library: invalid file with 1633771873 channels [error 15]
Could not open file 'poc' for reading.
diff --git a/libaudiofile/NeXT.cpp b/libaudiofile/NeXT.cpp
index c462dbe..01c967c 100644
--- a/libaudiofile/NeXT.cpp
+++ b/libaudiofile/NeXT.cpp
@@ -32,6 +32,7 @@
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
+#include <limits.h>
#include "File.h"
#include "Setup.h"
@@ -122,6 +123,12 @@ status NeXTFile::readInit(AFfilesetup setup)
_af_error(AF_BAD_CHANNELS, "invalid file with 0 channels");
return AF_FAIL;
}
+ /* avoid overflow of INT for double size rate */
+ if (channelCount > (INT32_MAX / (sizeof(double))))
+ {
+ _af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount);
+ return AF_FAIL;
+ }
Track *track = allocateTrack();
if (!track)