3
5
Fork 0
mirror of git://git.savannah.gnu.org/guix.git synced 2023-12-14 03:33:07 +01:00
guix/gnu/packages/patches/mpg321-CVE-2019-14247.patch
Kei Kebreau 109f58444b
gnu: mpg321: Fix CVE-2019-14247.
* gnu/packages/patches/mpg321-CVE-2019-14247.patch: New file.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/mp3.scm (mpg321)[source]: Apply it.

Signed-off-by: Léo Le Bouter <lle-bout@zaclys.net>
Signed-off-by: Leo Famulari <leo@famulari.name>
2021-03-16 19:12:36 +01:00

23 lines
1 KiB
Diff

This patch was downloaded from https://sourceforge.net/p/mpg321/bugs/51/ and
fixes CVE-2019-14247.
Description: Handle illegal bitrate value
Author: Chrysostomos Nanakos <cnanakos@debian.org>
Bug-Debian: https://bugs.debian.org/870406
Bug-Debian: https://bugs.debian.org/887057
--- mpg321-0.3.2.orig/mad.c
+++ mpg321-0.3.2/mad.c
@@ -574,6 +574,12 @@ void scan(void const *ptr, ssize_t len,
if (!is_vbr)
{
+ if (header.bitrate <= 0)
+ {
+ fprintf(stderr, "Illegal bit allocation value\n");
+ return;
+ }
+
double time = (len * 8.0) / (header.bitrate); /* time in seconds */
double timefrac = (double)time - ((long)(time));
long nsamples = 32 * MAD_NSBSAMPLES(&header); /* samples per frame */