Sign Up
Log In
Sign Up
Username:
*
Email:
*
Password:
*
Password confirmation:
*
or
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Games:steam:SLE-15-SP3
SDL
CVE-2019-7572.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-7572.patch of Package SDL
diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c index 2968b3d..caf41ee 100644 --- a/src/audio/SDL_wave.c +++ b/src/audio/SDL_wave.c @@ -275,6 +275,13 @@ static Sint32 IMA_ADPCM_nibble(struct IMA_ADPCM_decodestate *state,Uint8 nybble) }; Sint32 delta, step; + if ( state->index > 88 ) { + state->index = 88; + } else + if ( state->index < 0 ) { + state->index = 0; + } + /* Compute difference and new sample value */ step = step_table[state->index]; delta = step >> 3; @@ -334,7 +341,7 @@ static void Fill_IMA_ADPCM_block(Uint8 *decoded, Uint8 *encoded, static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) { struct IMA_ADPCM_decodestate *state; - Uint8 *freeable, *encoded, *encoded_end, *decoded; + Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end; Sint32 encoded_len, samplesleft; unsigned int c, channels; @@ -361,7 +368,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) return(-1); } decoded = *audio_buf; - + decoded_end = decoded + *audio_len; /* Get ready... Go! */ while ( encoded_len >= IMA_ADPCM_state.wavefmt.blockalign ) { /* Grab the initial information for this block */ @@ -380,6 +387,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) } /* Store the initial sample we start with */ + if (decoded + 2 > decoded_end) goto invalid_size; decoded[0] = (Uint8)(state[c].sample&0xFF); decoded[1] = (Uint8)(state[c].sample>>8); decoded += 2; @@ -390,6 +398,7 @@ static int IMA_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) while ( samplesleft > 0 ) { for ( c=0; c<channels; ++c ) { if (encoded + 4 > encoded_end) goto invalid_size; + if (decoded + 4 * 4 * channels > decoded_end) goto invalid_size; Fill_IMA_ADPCM_block(decoded, encoded, c, channels, &state[c]); encoded += 4;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
