首页 发现 帮助
登录
PUBLIC_REPOS
/
buildroot
镜像自地址 git://git.buildroot.net/buildroot
2
1
派生 0
文件
目录树: e675ffd964
分支列表 标签列表
buildroot
/
package
/
libsndfile
/
0004-sds-fix-int-overflow-warning-in-sample-calculations.patch

0004-sds-fix-int-overflow-warning-in-sample-calculations.patch 2.3 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. From 2e9f71dd5d5c85b5bd4a0573d1fa05b5b89b33a7 Mon Sep 17 00:00:00 2001
    2. 

  2. From: Alex Stewart <alex.stewart@ni.com>
    3. 

  3. Date: Wed, 11 Oct 2023 16:54:21 -0400
    4. 

  4. Subject: [PATCH] sds: fix int overflow warning in sample calculations
    5. 

  5. 

  6. The sds_*byte_read() functions compose their uint_32 sample buffers by
    7. 

  7. shifting 7bit samples into a 32bit wide buffer, and adding them
    8. 

  8. together. Because the 7bit samples are stored in 32bit ints, code
    9. 

  9. fuzzers become concerned that the addition operation can overflow and
    10. 

  10. cause undefined behavior.
    11. 

  11. 

  12. Instead, bitwise-OR the bytes together - which should accomplish the
    13. 

  13. same arithmetic operation, without risking an int-overflow.
    14. 

  14. 

  15. CVE: CVE-2022-33065
    16. 

  16. Fixes: https://github.com/libsndfile/libsndfile/issues/833
    17. 

  17. 

  18. Signed-off-by: Alex Stewart <alex.stewart@ni.com>
    19. 

  19. 

  20. Do the same for the 3byte and 4byte read functions.
    21. 

  21. 

  22. Upstream: https://github.com/libsndfile/libsndfile/commit/2e9f71dd5d5c85b5bd4a0573d1fa05b5b89b33a7
    23. 

  23. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
    24. 

  24. ---
    25. 

  25.  src/sds.c | 6 +++---
    26. 

  26.  1 file changed, 3 insertions(+), 3 deletions(-)
    27. 

  27. 

  28. diff --git a/src/sds.c b/src/sds.c
    29. 

  29. index 6bc76171..2a0f164c 100644
    30. 

  30. --- a/src/sds.c
    31. 

  31. +++ b/src/sds.c
    32. 

  32. @@ -454,7 +454,7 @@ sds_2byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds)
    33. 

  33.  
    34. 

  34.  	ucptr = psds->read_data + 5 ;
    35. 

  35.  	for (k = 0 ; k < 120 ; k += 2)
    36. 

  36. -	{	sample = arith_shift_left (ucptr [k], 25) + arith_shift_left (ucptr [k + 1], 18) ;
    37. 

  37. +	{	sample = arith_shift_left (ucptr [k], 25) | arith_shift_left (ucptr [k + 1], 18) ;
    38. 

  38.  		psds->read_samples [k / 2] = (int) (sample - 0x80000000) ;
    39. 

  39.  		} ;
    40. 

  40.  
    41. 

  41. @@ -498,7 +498,7 @@ sds_3byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds)
    42. 

  42.  
    43. 

  43.  	ucptr = psds->read_data + 5 ;
    44. 

  44.  	for (k = 0 ; k < 120 ; k += 3)
    45. 

  45. -	{	sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) ;
    46. 

  46. +	{	sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) ;
    47. 

  47.  		psds->read_samples [k / 3] = (int) (sample - 0x80000000) ;
    48. 

  48.  		} ;
    49. 

  49.  
    50. 

  50. @@ -542,7 +542,7 @@ sds_4byte_read (SF_PRIVATE *psf, SDS_PRIVATE *psds)
    51. 

  51.  
    52. 

  52.  	ucptr = psds->read_data + 5 ;
    53. 

  53.  	for (k = 0 ; k < 120 ; k += 4)
    54. 

  54. -	{	sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) + (ucptr [k + 3] << 4) ;
    55. 

  55. +	{	sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) | (ucptr [k + 3] << 4) ;
    56. 

  56.  		psds->read_samples [k / 4] = (int) (sample - 0x80000000) ;
    57. 

  57.  		} ;
    58. 

  58.  
    59. 

  59. -- 
    60. 

  60. 2.39.5
    61. 

  61.