ports/audio/sox/patches/patch-src_hcom_c

https://marc.info/?l=oss-security&m=167571683504082&w=2

Index: src/hcom.c
--- src/hcom.c.orig
+++ src/hcom.c
@@ -141,6 +141,11 @@ static int startread(sox_format_t * ft)
                 return (SOX_EOF);
         }
         lsx_readw(ft, &dictsize);
+        if (dictsize == 0 || dictsize > 511)
+        {
+                lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");
+                return SOX_EOF;
+        }
 
         /* Translate to sox parameters */
         ft->encoding.encoding = SOX_ENCODING_HCOM;
@@ -161,13 +166,18 @@ static int startread(sox_format_t * ft)
                        p->dictionary[i].dict_rightson);
                 if (!dictvalid(i, dictsize, p->dictionary[i].dict_leftson,
                                p->dictionary[i].dict_rightson)) {
+                        free(p->dictionary);
+                        p->dictionary = NULL;
                         lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary");
                         return SOX_EOF;
                 }
         }
         rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */
-        if (rc)
+        if (rc) {
+            free(p->dictionary);
+            p->dictionary = NULL;
             return rc;
+        }
 
         /* Initialized the decompression engine */
         p->checksum = checksum;
@@ -249,6 +259,9 @@ static int stopread(sox_format_t * ft)
 {
         register priv_t *p = (priv_t *) ft->priv;
 
+        free(p->dictionary);
+        p->dictionary = NULL;
+
         if (p->huffcount != 0)
         {
                 lsx_fail_errno(ft,SOX_EFMT,"not all HCOM data read");
@@ -259,8 +272,7 @@ static int stopread(sox_format_t * ft)
                 lsx_fail_errno(ft,SOX_EFMT,"checksum error in HCOM data");
                 return (SOX_EOF);
         }
-        free(p->dictionary);
-        p->dictionary = NULL;
+
         return (SOX_SUCCESS);
 }
SecBSD's official ports repository 2023-08-16 22:26:55 +00:00			`https://marc.info/?l=oss-security&m=167571683504082&w=2`

			`Index: src/hcom.c`
			`--- src/hcom.c.orig`
			`+++ src/hcom.c`
			`@@ -141,6 +141,11 @@ static int startread(sox_format_t * ft)`
			`return (SOX_EOF);`
			`}`
			`lsx_readw(ft, &dictsize);`
			`+ if (dictsize == 0 \|\| dictsize > 511)`
			`+ {`
			`+ lsx_fail_errno(ft, SOX_EHDR, "Implausible dictionary size in HCOM header");`
			`+ return SOX_EOF;`
			`+ }`

			`/* Translate to sox parameters */`
			`ft->encoding.encoding = SOX_ENCODING_HCOM;`
			`@@ -161,13 +166,18 @@ static int startread(sox_format_t * ft)`
			`p->dictionary[i].dict_rightson);`
			`if (!dictvalid(i, dictsize, p->dictionary[i].dict_leftson,`
			`p->dictionary[i].dict_rightson)) {`
			`+ free(p->dictionary);`
			`+ p->dictionary = NULL;`
			`lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary");`
			`return SOX_EOF;`
			`}`
			`}`
			`rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */`
			`- if (rc)`
			`+ if (rc) {`
			`+ free(p->dictionary);`
			`+ p->dictionary = NULL;`
			`return rc;`
			`+ }`

			`/* Initialized the decompression engine */`
			`p->checksum = checksum;`
			`@@ -249,6 +259,9 @@ static int stopread(sox_format_t * ft)`
			`{`
			`register priv_t p = (priv_t ) ft->priv;`

			`+ free(p->dictionary);`
			`+ p->dictionary = NULL;`
			`+`
			`if (p->huffcount != 0)`
			`{`
			`lsx_fail_errno(ft,SOX_EFMT,"not all HCOM data read");`
			`@@ -259,8 +272,7 @@ static int stopread(sox_format_t * ft)`
			`lsx_fail_errno(ft,SOX_EFMT,"checksum error in HCOM data");`
			`return (SOX_EOF);`
			`}`
			`- free(p->dictionary);`
			`- p->dictionary = NULL;`
			`+`
			`return (SOX_SUCCESS);`
			`}`