| Andrew Geissler | 595f630 | 2022-01-24 19:11:47 +0000 | [diff] [blame] | 1 | Backport patch to fix CVE-2020-23903. |
| 2 | |
| 3 | CVE: CVE-2020-23903 |
| 4 | Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84] |
| 5 | |
| 6 | Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| 7 | |
| 8 | From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001 |
| 9 | From: Tristan Matthews <tmatth@videolan.org> |
| 10 | Date: Mon, 13 Jul 2020 23:25:03 -0400 |
| 11 | Subject: [PATCH] wav_io: guard against invalid channel numbers |
| 12 | |
| 13 | Fixes #13 |
| 14 | --- |
| 15 | src/wav_io.c | 2 +- |
| 16 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 17 | |
| 18 | diff --git a/src/wav_io.c b/src/wav_io.c |
| 19 | index b5183015..09d62eb0 100644 |
| 20 | --- a/src/wav_io.c |
| 21 | +++ b/src/wav_io.c |
| 22 | @@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32 |
| 23 | stmp = le_short(stmp); |
| 24 | *channels = stmp; |
| 25 | |
| 26 | - if (stmp>2) |
| 27 | + if (stmp>2 || stmp<1) |
| 28 | { |
| 29 | fprintf (stderr, "Only mono and (intensity) stereo supported\n"); |
| 30 | return -1; |