Sign Up
Log In
Sign Up
Username:
*
Email:
*
Password:
*
Password confirmation:
*
or
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Games:steam:SLE-15-SP3
SDL
CVE-2019-7575.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-7575.patch of Package SDL
diff --git a/src/audio/SDL_wave.c b/src/audio/SDL_wave.c index e42d01c..b6c49de 100644 --- a/src/audio/SDL_wave.c +++ b/src/audio/SDL_wave.c @@ -115,7 +115,7 @@ static Sint32 MS_ADPCM_nibble(struct MS_ADPCM_decodestate *state, static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) { struct MS_ADPCM_decodestate *state[2]; - Uint8 *freeable, *encoded, *encoded_end, *decoded; + Uint8 *freeable, *encoded, *encoded_end, *decoded, *decoded_end; Sint32 encoded_len, samplesleft; Sint8 nybble, stereo; Sint16 *coeff[2]; @@ -135,6 +135,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) return(-1); } decoded = *audio_buf; + decoded_end = decoded + *audio_len; /* Get ready... Go! */ stereo = (MS_ADPCM_state.wavefmt.channels == 2); @@ -142,7 +143,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) state[1] = &MS_ADPCM_state.state[stereo]; while ( encoded_len >= MS_ADPCM_state.wavefmt.blockalign ) { /* Grab the initial information for this block */ - if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto too_short; + if (encoded + 7 + (stereo ? 7 : 0) > encoded_end) goto invalid_size; state[0]->hPredictor = *encoded++; if ( stereo ) { state[1]->hPredictor = *encoded++; @@ -169,6 +170,7 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) coeff[1] = MS_ADPCM_state.aCoeff[state[1]->hPredictor]; /* Store the two initial samples we start with */ + if (decoded + 4 + (stereo ? 4 : 0) > decoded_end) goto invalid_size; decoded[0] = state[0]->iSamp2&0xFF; decoded[1] = state[0]->iSamp2>>8; decoded += 2; @@ -190,7 +192,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) samplesleft = (MS_ADPCM_state.wSamplesPerBlock-2)* MS_ADPCM_state.wavefmt.channels; while ( samplesleft > 0 ) { - if (encoded + 1 > encoded_end) goto too_short; + if (encoded + 1 > encoded_end) goto invalid_size; + if (decoded + 4 > decoded_end) goto invalid_size; nybble = (*encoded)>>4; new_sample = MS_ADPCM_nibble(state[0],nybble,coeff[0]); @@ -213,8 +216,8 @@ static int MS_ADPCM_decode(Uint8 **audio_buf, Uint32 *audio_len) } SDL_free(freeable); return(0); -too_short: - SDL_SetError("Too short chunk for a MS ADPCM decoder"); +invalid_size: + SDL_SetError("Unexpected chunk length for a MS ADPCM decoder"); SDL_free(freeable); return(-1); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
