!10 wav_io: check for EOF when seeking in wav

From: @tong_1001 
Reviewed-by: @overweight 
Signed-off-by: @overweight
This commit is contained in:
openeuler-ci-bot 2022-06-21 01:26:42 +00:00 committed by Gitee
commit 4822420ecb
2 changed files with 67 additions and 1 deletions


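--- /dev/null
+++ b/backport-wav_io-check-for-EOF-when-seeking-in-wav.patch
@@ -0,0 +1,59 @@
+From bdc392257c330e49872a5217dfb56becd1ee8f45 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews <tmatth@videolan.org>
+Date: Tue, 11 Sep 2018 05:12:53 -0400
+Subject: [PATCH] wav_io: check for EOF when seeking in wav
+Fixes hang discovered by fuzzing: https://github.com/xiph/speex/issues/9
+---
+src/wav_io.c | 24 +++++++++++++++++-------
+1 file changed, 17 insertions(+), 7 deletions(-)
+diff --git a/src/wav_io.c b/src/wav_io.c
+index c2e2bc85..b5183015 100644
+--- a/src/wav_io.c
++++ b/src/wav_io.c
+@@ -75,8 +75,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+itmp = le_int(itmp);
+/*fprintf (stderr, "skip=%d\n", itmp);*/
+/*strange way of seeking, but it works even for pipes*/
+- for (i=0;i<itmp;i++)
+- fgetc(file);
++ for (i=0;i<itmp;i++) {
++ if (fgetc(file) == EOF) {
++ break;
++ }
++ }
+/*fseek(file, itmp, SEEK_CUR);*/
+fread(ch, 1, 4, file);
+if (feof(file))
+@@ -152,9 +155,13 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+/*strange way of seeking, but it works even for pipes*/
+- if (skip_bytes>0)
+- for (i=0;i<skip_bytes;i++)
+- fgetc(file);
++ if (skip_bytes>0) {
++ for (i=0;i<skip_bytes;i++) {
++ if (fgetc(file) == EOF) {
++ break;
++ }
++ }
++ }
+/*fseek(file, skip_bytes, SEEK_CUR);*/
+@@ -164,8 +171,11 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+fread(&itmp, 4, 1, file);
+itmp = le_int(itmp);
+/*strange way of seeking, but it works even for pipes*/
+- for (i=0;i<itmp;i++)
+- fgetc(file);
++ for (i=0;i<itmp;i++) {
++ if (fgetc(file) == EOF) {
++ break;
++ }
++ }
+/*fseek(file, itmp, SEEK_CUR);*/
+fread(ch, 1, 4, file);
+if (feof(file))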
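Review bot: In the second hunk of the backported patch (`@@ -152,9 +155,13 @@`) the skip_bytes loop now stops at EOF, but nothing visible after it reports the truncation; the loop falls through to the commented-out fseek and on into code outside the hunk, whereas the first and third hunks are at least followed by a `fread(ch, 1, 4, file)` and an `if (feof(file))` test. Unless the code after that hunk also inspects the stream state, a header cut off inside the skipped region is parsed as if the skip had completed. Adding a stream check directly after the loop, `if (feof(file) || ferror(file))` followed by the same error return the later `if (feof(file))` branch uses in read_wav_header, would make the three sites behave consistently (the return value of that branch is outside the hunk, so it has to be confirmed in the file). The `fread(&itmp, 4, 1, file)` that produces the loop bound is likewise unchecked, which the commit leaves as-is; read_wav_header starts and ends outside all three hunks.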


@ -1,6 +1,6 @@
Name: speex
Version: 1.2.0
Release: 6
Release: 7
Summary: A Free Codec For Free Speech
License: BSD
URL: https://www.speex.org/
@ -8,6 +8,7 @@ Source0: http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz
Patch6000: backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
Patch6001: backport-CVE-2020-23903.patch
Patch6002: backport-wav_io-check-for-EOF-when-seeking-in-wav.patch
BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp)
@ -70,6 +71,12 @@ This package is the development and files for speex.
%{_mandir}/man1/speexdec.1.gz
%changelog
* Mon Jun 20 2022 shixuantong<shixuantong@h-partners.com> - 1.2.0-7
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:check for EOF when seeking in wav
* Mon Jun 06 2022 shixuantong<shixuantong@h-partners.com> - 1.2.0-6
- Type:CVE
- ID:CVE-2020-23903