src/wav.c: Fix heap read overflow

This is CVE-2018-19758.

Closes: https://github.com/erikd/libsndfile/issues/435

Gbp-Pq: Name src-wav.c-Fix-heap-read-overflow.patch
This commit is contained in:
Erik de Castro Lopo 2019-01-01 20:11:46 +11:00 committed by openKylinBot
parent c9e4c46886
commit 2f9f04989a
1 changed files with 3 additions and 1 deletions

View File

@ -1,5 +1,5 @@
/*
** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 1999-2019 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
**
** This program is free software; you can redistribute it and/or modify
@ -1098,6 +1098,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
/* Loop count is signed 16 bit number so we limit it range to something sensible. */
psf->instrument->loop_count &= 0x7fff ;
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;