Commit

fixes for 4 fuzz failures posted to SourceForge mailing list
dbry committed Dec 22, 2016
1 parent df0488c commit 4bc05fc
Showing 2 changed files with 9 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/open_utils.c
Expand Up @@ -560,7 +560,7 @@ static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd)

// if there's any data, the first two bytes are file_format and qmode flags

if (bytecnt) {
if (bytecnt >= 2) {
wpc->file_format = *byteptr++;
wpc->config.qmode = (wpc->config.qmode & ~0xff) | *byteptr++;
bytecnt -= 2;
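
Review bot: With `if (bytecnt >= 2)`, a config block that carries exactly one byte is now skipped with no signal, while the comment above still reads "if there's any data, the first two bytes are file_format and qmode flags". A one-byte payload is malformed input, so consider treating it as an error for this metadata block instead of falling through, or at least update the comment to say that a lone byte is ignored.
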
Expand Down Expand Up @@ -593,6 +593,10 @@ static int read_new_config_info (WavpackContext *wpc, WavpackMetadata *wpmd)
for (i = 0; i < nchans; ++i)
if (bytecnt) {
wpc->channel_reordering [i] = *byteptr++;

if (wpc->channel_reordering [i] >= nchans) // make sure index is in range
wpc->channel_reordering [i] = 0;

bytecnt--;
}
else
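
Review bot: In the channel_reordering loop, an out-of-range byte is rewritten to 0 rather than rejected, so a corrupt block can leave several entries pointing at channel 0 and the table is no longer a permutation. The range check does stop the out-of-bounds index, but consider failing the block when `wpc->channel_reordering [i] >= nchans`, or also checking for duplicate entries, in case any consumer of the table assumes a one-to-one mapping.
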
4 changes: 4 additions & 0 deletions src/read_words.c
Expand Up @@ -288,6 +288,10 @@ int32_t FASTCALL get_word (WavpackStream *wps, int chan, int32_t *correction)

low &= 0x7fffffff;
high &= 0x7fffffff;

if (low > high) // make sure high and low make sense
high = low;

mid = (high + low + 1) >> 1;

if (!c->error_limit)
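
Review bot: The clamp `if (low > high) high = low;` in get_word repairs an inconsistent range silently, so decoding continues with no error recorded for input that produced an impossible state. Consider flagging the stream as damaged at this point in addition to clamping, and extend the comment to say how low can come to exceed high. The declarations of low and high are not visible in this hunk; it is worth confirming they are unsigned, because after the 0x7fffffff masks the sum in `mid = (high + low + 1) >> 1` can exceed the range of a signed 32-bit value.
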

4 comments on commit 4bc05fc

@carnil

@carnil carnil commented on 4bc05fc Jan 29, 2017


@sergiomb2

And fixes for the WavPack 4.80.0 release?
This patch is not applicable to the current version 4.80.0 [1]; the function read_new_config_info does not even exist, only read_config_info, and it is quite different in src/open_utils.c.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1417853

@dbry
Owner Author

@dbry dbry commented on 4bc05fc Feb 1, 2017


Two of the three fixes here are only related to features added since 4.80, so they would not apply. Only the fix in read_words.c could be backported.

There have actually been several other similar fixes since 4.80, but many of these are also specific to new features, and so would have to be examined on a case-by-case basis. Also, some of the fixes affect only encoding (not decoding) so they do not pose a risk.

cbdf3fd
6e7936b
7235ce7
3cc16c5
bfe11dd

I do not understand the rationale behind trying to apply these fixes to previous versions, especially because applying the patches without all the context and more testing could even trigger other issues.

Wouldn't it be just as easy to upgrade to the most recent release? The current release has been extensively tested by AFL and is probably the most robust WavPack release to date. It is also 100% functionally compatible with 4.80 (no broken apps).

@sergiomb2

> Wouldn't it be just as easy to upgrade to the most recent release?

Hello, oops, I think I confused WavPack with touchsound. I thought I couldn't update it without rebuilding a bunch of packages due to a soname bump [1]. So now, IIRC, updating wavpack is smooth (all other packages will still work). I will update first on f26 and on my local computer; if there are no problems, I will update lower versions and also EPEL packages.
Thank you for the feedback.

[1] for example https://ask.fedoraproject.org/en/question/83662/why-audacity-is-not-working/?answer=83736#post-id-83736