[Vorbis-dev] [PATCH] oggenc: Fix crash by invalid channels in WAV files
Takashi Iwai
tiwai at suse.de
Wed Feb 4 16:55:17 UTC 2015
Fix the crash of oggenc when parsing a WAV file including zero or a
negative number of channels.
Fixes for both CVE-2014-9638 and CVE-2014-9639
---
oggenc/audio.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/oggenc/audio.c
+++ b/oggenc/audio.c
@@ -455,6 +455,12 @@ int wav_open(FILE *in, oe_enc_opt *opt,
format.align = READ_U16_LE(buf+12);
format.samplesize = READ_U16_LE(buf+14);
+ if(format.channels <= 0)
+ {
+ fprintf(stderr,"ERROR: Invalid number of channels (%d) found in WAV file\n", format.channels);
+ return 0;
+ }
+
if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
{
if(len<40)
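Review bot: the new test `if(format.channels <= 0)` only bounds the channel count from below, while the commit message says this one check fixes both CVE-2014-9638 and CVE-2014-9639. Please state in the message which failure each CVE corresponds to and why a lower bound covers both, or extend the same test with an upper bound on format.channels if later code derives sizes from it. The format.align and format.samplesize values read just above are not validated anywhere in this hunk; if a zero there is also invalid, it could take the same early return.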