
Add fix for CVE-2019-13147

author David Runge
2025-08-25 19:27:19 UTC
committer David Runge
2025-08-25 19:27:19 UTC
parent d354bcfdc1f6752141291d33ca2b6d55d550f9c0

Add fix for CVE-2019-13147

Signed-off-by: David Runge <dvzrv@archlinux.org>

.SRCINFO +2 -0
13_CVE-2019-13147.patch +37 -0
PKGBUILD +3 -1
REUSE.toml +1 -0

diff --git a/.SRCINFO b/.SRCINFO
index 50c0bfb..288951b 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -25,6 +25,7 @@ pkgbase = audiofile
 	source = 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
 	source = 11_CVE-2018-13440.patch
 	source = 12_CVE-2018-17095.patch
+	source = 13_CVE-2019-13147.patch
 	sha512sums = f9a1182d93e405c21eba79c5cc40962347bff13f1b3b732d9a396e3d1675297515188bd6eb43033aaa00e9bde74ff4628c1614462456529cabba464f03c1d5fa
 	sha512sums = ae11735970eaddb664251614743cb46ae029b4073f4f8ea7cd4570d50c0f4b7f7b426399901b011d1ea799bb99d4ac648e76be97f13a51e32d7a63f97b38a89f
 	sha512sums = 76ce5a29beaa394f3a24e7db7c40864f26119857e78087b6780853d06d4f44e80656c418b2c99d95224d29b69c23c51c54a4c8edac5dbaa4038a9d6c1ef7be06
@@ -38,5 +39,6 @@ pkgbase = audiofile
 	sha512sums = 234b0b520eebccc8e7782735615ad8fb2f7c03937da2b7dec0b091ca35b8a542d4e5c7ad22ed6715f019cdb36992838d7458ef58980bfb4fa80062e764d18ae2
 	sha512sums = e29ab46b2edcbbeb048a7d9e6210d0faac8b75d9a48a663f62b37881e03d34fa97ffaa05d61da53b49404f60f0cadfcbbbb58438ae82af40dd37d0117bf8c631
 	sha512sums = ace83995606f900543f65ce6199fe1a69c757b7b37e92561be1c49c2f827676f888e36132ab3fedf3b9f77d4382ea933480fe326859c092aa95ba2c24e777363
+	sha512sums = bb60d5c90fcadd1790e873aaee10bfef458242c2767b242aefff64687ae00c3b82350284f7b327c296aba7770c78623ab1bffe06e4b289ca47cba99c809fa372
 
 pkgname = audiofile
diff --git a/13_CVE-2019-13147.patch b/13_CVE-2019-13147.patch
new file mode 100644
index 0000000..5c66151
--- /dev/null
+++ b/13_CVE-2019-13147.patch
@@ -0,0 +1,37 @@
+commit 18e39112376f488bf57ca6527d42afc644f06a94 (HEAD -> patch-queue/master)
+Author: Bastien Roucariès <rouca@debian.org>
+Date:   Sat Nov 11 17:43:19 2023 +0000
+
+    Partial fix of CVE-2019-13147
+    
+    This is the fix of the POC. Do not allow too many channel
+    
+    Now it fail with:
+    Audio File Library: invalid file with 1633771873 channels [error 15]
+    Could not open file 'poc' for reading.
+
+diff --git a/libaudiofile/NeXT.cpp b/libaudiofile/NeXT.cpp
+index c462dbe..01c967c 100644
+--- a/libaudiofile/NeXT.cpp
++++ b/libaudiofile/NeXT.cpp
+@@ -32,6 +32,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <limits.h>
+ 
+ #include "File.h"
+ #include "Setup.h"
+@@ -122,6 +123,12 @@ status NeXTFile::readInit(AFfilesetup setup)
+ 		_af_error(AF_BAD_CHANNELS, "invalid file with 0 channels");
+ 		return AF_FAIL;
+ 	}
++	/* avoid overflow of INT for double size rate */
++	if (channelCount > (INT32_MAX / (sizeof(double))))
++	{
++		_af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount);
++		return AF_FAIL;
++	}
+ 
+ 	Track *track = allocateTrack();
+ 	if (!track)
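Review bot: The new `#include <limits.h>` near the top of the embedded patch is not used by the added check — `INT32_MAX` comes from `<stdint.h>`, which NeXT.cpp already includes in the same hunk context; `<limits.h>` would only matter if the bound were written with `INT_MAX`. The check `channelCount > (INT32_MAX / (sizeof(double)))` is sound (the `int32_t` constant is promoted to `size_t` by the unsigned divisor), but the comment `/* avoid overflow of INT for double size rate */` does not say what is being bounded; `/* reject channel counts for which channelCount * sizeof(double) would overflow an int32_t buffer size (partial fix for CVE-2019-13147) */` would. The `%i` in `_af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount)` expects a signed int; the type of channelCount is not visible in this hunk, and if it is a `uint32_t` the matching specifier is `%u`. The embedded patch describes itself as a partial fix of the CVE, whereas the packaging commit title says "Add fix", which is worth keeping in mind when tracking the advisory. `readInit` starts and ends outside the hunk.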
diff --git a/PKGBUILD b/PKGBUILD
index 516ec87..0057af5 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -34,6 +34,7 @@ source=(
   10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
   11_CVE-2018-13440.patch
   12_CVE-2018-17095.patch
+  13_CVE-2019-13147.patch
 )
 sha512sums=('f9a1182d93e405c21eba79c5cc40962347bff13f1b3b732d9a396e3d1675297515188bd6eb43033aaa00e9bde74ff4628c1614462456529cabba464f03c1d5fa'
             'ae11735970eaddb664251614743cb46ae029b4073f4f8ea7cd4570d50c0f4b7f7b426399901b011d1ea799bb99d4ac648e76be97f13a51e32d7a63f97b38a89f'
@@ -47,7 +48,8 @@ sha512sums=('f9a1182d93e405c21eba79c5cc40962347bff13f1b3b732d9a396e3d16752975151
             '51c92ce66e987ae1d4bda65247134097705ef45cf7670401af7943bf6bbfc674089bcfafa49983046b10573ea72900adb96c296739c234d5e98539098eebe022'
             '234b0b520eebccc8e7782735615ad8fb2f7c03937da2b7dec0b091ca35b8a542d4e5c7ad22ed6715f019cdb36992838d7458ef58980bfb4fa80062e764d18ae2'
             'e29ab46b2edcbbeb048a7d9e6210d0faac8b75d9a48a663f62b37881e03d34fa97ffaa05d61da53b49404f60f0cadfcbbbb58438ae82af40dd37d0117bf8c631'
-            'ace83995606f900543f65ce6199fe1a69c757b7b37e92561be1c49c2f827676f888e36132ab3fedf3b9f77d4382ea933480fe326859c092aa95ba2c24e777363')
+            'ace83995606f900543f65ce6199fe1a69c757b7b37e92561be1c49c2f827676f888e36132ab3fedf3b9f77d4382ea933480fe326859c092aa95ba2c24e777363'
+            'bb60d5c90fcadd1790e873aaee10bfef458242c2767b242aefff64687ae00c3b82350284f7b327c296aba7770c78623ab1bffe06e4b289ca47cba99c809fa372')
 
 prepare() {
   cd $pkgname-$pkgver
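Review bot: The visible hunks register `13_CVE-2019-13147.patch` in `source=()` and add its sha512sum, but the `prepare()` body that applies the patch series begins at the last line of the second hunk and is not shown, so it is not clear from this diff whether the new patch is actually applied. If `prepare()` applies patches by explicit filename rather than iterating over `*.patch`, it needs a matching entry for `13_CVE-2019-13147.patch`, otherwise the package records the fix without building it. A quick check is to confirm the built library rejects an oversized channel count as the embedded patch description states.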
diff --git a/REUSE.toml b/REUSE.toml
index d360d2e..3d41600 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -35,6 +35,7 @@ path = [
     "10_Check-for-division-by-zero-in-BlockCodec-runPull.patch",
     "11_CVE-2018-13440.patch",
     "12_CVE-2018-17095.patch",
+    "13_CVE-2019-13147.patch",
 ]
 SPDX-FileCopyrightText = "audiofile contributors"
 SPDX-License-Identifier = "Apache-2.0 OR GPL-2.0-or-later OR LGPL-2.1-or-later"