From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001 From: Changqing Li Date: Wed, 10 Oct 2018 08:59:30 +0800 Subject: [PATCH] libsndfile1: patch for CVE-2018-13139 Upstream-Status: Backport [https://github.com/bwarden/libsndfile/ commit/df18323c622b54221ee7ace74b177cdcccc152d7] CVE: CVE-2018-13139 Signed-off-by: Changqing Li --- programs/sndfile-deinterleave.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c index e27593e..721bee7 100644 --- a/programs/sndfile-deinterleave.c +++ b/programs/sndfile-deinterleave.c @@ -89,6 +89,12 @@ main (int argc, char **argv) exit (1) ; } ; + if (sfinfo.channels > MAX_CHANNELS) + { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n", + argv [1], sfinfo.channels, MAX_CHANNELS) ; + exit (1) ; + } ; + state.channels = sfinfo.channels ; sfinfo.channels = 1 ; -- 2.7.4