Home Explore Help
Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Tree: e675ffd964
Branches Tags
buildroot
/
package
/
libsndfile
/
0004-sds-fix-int-overflow-warning-in-sample-calculations.patch

0004-sds-fix-int-overflow-warning-in-sample-calculations.patch 2.3 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. From 2e9f71dd5d5c85b5bd4a0573d1fa05b5b89b33a7 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Alex Stewart <alex.stewart@ni.com>
    3. 

  3. Date: Wed, 11 Oct 2023 16:54:21 -0400
    4. 

  4. Subject: [PATCH] sds: fix int overflow warning in sample calculations
    5. 

  5. 

  6. The sds_*byte_read() functions compose their uint_32 sample buffers by
    7. 

  7. shifting 7bit samples into a 32bit wide buffer, and adding them
    8. 

  8. together. Because the 7bit samples are stored in 32bit ints, code
    9. 

  9. fuzzers become concerned that the addition operation can overflow and
    10. 

  10. cause undefined behavior.
    11. 

  11. 

  12. Instead, bitwise-OR the bytes together - which should accomplish the
    13. 

  13. same arithmetic operation, without risking an int-overflow.
    14. 

  14. 

  15. CVE: CVE-2022-33065
    16. 

  16. Fixes: https://github.com/libsndfile/libsndfile/issues/833
    17. 

  17. 

  18. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
    19. 

  19. 

  20. Do the same for the 3byte and 4byte read functions.
    21. 

  21. 

  22. Upstream: https://github.com/libsndfile/libsndfile/commit/2e9f71dd5d5c85b5bd4a0573d1fa05b5b89b33a7
    23. 

  23. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
    24. 

  24. ---
    25. 

  25.  src/sds.c | 6 +++---
    26. 

  26.  1 file changed, 3 insertions(+), 3 deletions(-)
    27. 

  27. 

  28. diff --git a/src/sds.c b/src/sds.c
    29. 

  29. index 6bc76171..2a0f164c 100644
    30. 

  30. --- a/src/sds.c
    31. 

  31. +++ b/src/sds.c
    32. 

  32. @@ -454,7 +454,7 @@ sds_2byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds)
    33. 

  33.  
    34. 

  34.  	ucptr = psds->read_data + 5 ;
    35. 

  35.  	for (k = 0 ; k < 120 ; k += 2)
    36. 

  36. -	{	sample = arith_shift_left (ucptr [k], 25) + arith_shift_left (ucptr [k + 1], 18) ;
    37. 

  37. +	{	sample = arith_shift_left (ucptr [k], 25) | arith_shift_left (ucptr [k + 1], 18) ;
    38. 

  38.  		psds->read_samples [k / 2] = (int) (sample - 0x80000000) ;
    39. 

  39.  		} ;
    40. 

  40.  
    41. 

  41. @@ -498,7 +498,7 @@ sds_3byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds)
    42. 

  42.  
    43. 

  43.  	ucptr = psds->read_data + 5 ;
    44. 

  44.  	for (k = 0 ; k < 120 ; k += 3)
    45. 

  45. -	{	sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) ;
    46. 

  46. +	{	sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) ;
    47. 

  47.  		psds->read_samples [k / 3] = (int) (sample - 0x80000000) ;
    48. 

  48.  		} ;
    49. 

  49.  
    50. 

  50. @@ -542,7 +542,7 @@ sds_4byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds)
    51. 

  51.  
    52. 

  52.  	ucptr = psds->read_data + 5 ;
    53. 

  53.  	for (k = 0 ; k < 120 ; k += 4)
    54. 

  54. -	{	sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) + (ucptr [k + 3] << 4) ;
    55. 

  55. +	{	sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) | (ucptr [k + 3] << 4) ;
    56. 

  56.  		psds->read_samples [k / 4] = (int) (sample - 0x80000000) ;
    57. 

  57.  		} ;
    58. 

  58.  
    59. 

  59. -- 
    60. 

  60. 2.39.5
    61. 

  61.