forked from mirrors/nixpkgs
sox: 14.4.1 -> 14.4.2
This commit is contained in:
taku0
parent
6727f76739
commit
cec63e87a2
|
|
@ -1,28 +0,0 @@
|
||||||
From 55e33019afcb3256cccedf606548b86816f6da59 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Bagwell <chris@cnpbagwell.com>
|
|
||||||
Date: Sat, 13 Dec 2014 12:48:37 -0600
|
|
||||||
Subject: [PATCH 1/2] Check for minimum size sphere headers
|
|
||||||
|
|
||||||
---
|
|
||||||
src/sphere.c | 5 +++++
|
|
||||||
1 file changed, 5 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/src/sphere.c b/src/sphere.c
|
|
||||||
index 479a552..a3fd1c6 100644
|
|
||||||
--- a/src/sphere.c
|
|
||||||
+++ b/src/sphere.c
|
|
||||||
@@ -47,6 +47,11 @@ static int start_read(sox_format_t * ft)
|
|
||||||
|
|
||||||
/* Determine header size, and allocate a buffer large enough to hold it. */
|
|
||||||
sscanf(fldsval, "%lu", &header_size_ul);
|
|
||||||
+ if (header_size_ul < 16) {
|
|
||||||
+ lsx_fail_errno(ft, SOX_EHDR, "Error reading Sphere header");
|
|
||||||
+ return (SOX_EOF);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
buf = lsx_malloc(header_size = header_size_ul);
|
|
||||||
|
|
||||||
/* Skip what we have read so far */
|
|
||||||
--
|
|
||||||
2.1.0
|
|
||||||
|
|
||||||
|
|
@ -1,28 +0,0 @@
|
||||||
From ebb64cddde59ecc9cedf3741ce2337c72148cc0c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Chris Bagwell <chris@cnpbagwell.com>
|
|
||||||
Date: Sat, 13 Dec 2014 12:49:55 -0600
|
|
||||||
Subject: [PATCH 2/2] More checks for invalid MS ADPCM blocks.
|
|
||||||
|
|
||||||
If block doesn't exacty match blockAlign then do not allow
|
|
||||||
number of samples in invalid size block to ever be more than
|
|
||||||
what WAV header defined as samplesPerBlock.
|
|
||||||
---
|
|
||||||
src/wav.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/src/wav.c b/src/wav.c
|
|
||||||
index 61d5908..5202556 100644
|
|
||||||
--- a/src/wav.c
|
|
||||||
+++ b/src/wav.c
|
|
||||||
@@ -168,7 +168,7 @@ static unsigned short AdpcmReadBlock(sox_format_t * ft)
|
|
||||||
/* work with partial blocks. Specs say it should be null */
|
|
||||||
/* padded but I guess this is better than trailing quiet. */
|
|
||||||
samplesThisBlock = lsx_ms_adpcm_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t)0);
|
|
||||||
- if (samplesThisBlock == 0)
|
|
||||||
+ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock)
|
|
||||||
{
|
|
||||||
lsx_warn("Premature EOF on .wav input file");
|
|
||||||
return 0;
|
|
||||||
--
|
|
||||||
2.1.0
|
|
||||||
|
|
||||||
|
|
@ -11,20 +11,13 @@
|
||||||
with stdenv.lib;
|
with stdenv.lib;
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
stdenv.mkDerivation rec {
|
||||||
name = "sox-14.4.1";
|
name = "sox-14.4.2";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "mirror://sourceforge/sox/${name}.tar.gz";
|
url = "mirror://sourceforge/sox/${name}.tar.gz";
|
||||||
sha256 = "16x8gykfjdhxg0kdxwzcwgwpm5caa08y2mx18siqsq0ywmpjr34s";
|
sha256 = "0v2znlxkxxcd3f48hf3dx9pq7i6fdhb62kgj7wv8xggz8f35jpxl";
|
||||||
};
|
};
|
||||||
|
|
||||||
patches = [
|
|
||||||
# Patches for CVE-2014-8145, found via RedHat bug 1174792. It was not
|
|
||||||
# clear whether these address a NULL deref and a division by zero.
|
|
||||||
./0001-Check-for-minimum-size-sphere-headers.patch
|
|
||||||
./0002-More-checks-for-invalid-MS-ADPCM-blocks.patch
|
|
||||||
];
|
|
||||||
|
|
||||||
buildInputs =
|
buildInputs =
|
||||||
optional (enableAlsa && stdenv.isLinux) alsaLib ++
|
optional (enableAlsa && stdenv.isLinux) alsaLib ++
|
||||||
optional enableLibao libao ++
|
optional enableLibao libao ++
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue