From dc7d16500f88dbf876335f2f0cc19176b035e84f Mon Sep 17 00:00:00 2001 From: Erik de Castro Lopo Date: Tue, 23 May 2017 20:15:24 +1000 Subject: [PATCH] src/aiff.c: Fix a buffer read overflow Secunia Advisory SA76717. Found by: Laurent Delosieres, Secunia Research at Flexera Software https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 Change-Id: I3faddf7f078acf539f58b65ba593e4f8ecfdb13d --- packaging/libsndfile.spec | 2 +- src/aiff.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/libsndfile.spec b/packaging/libsndfile.spec index 82d5cba..780a17c 100644 --- a/packaging/libsndfile.spec +++ b/packaging/libsndfile.spec @@ -1,6 +1,6 @@ Name: libsndfile Version: 1.0.28 -Release: 0 +Release: 1 License: LGPL-2.1+ Summary: C library for reading and writing sound files Group: Multimedia/Audio diff --git a/src/aiff.c b/src/aiff.c index 6352247..d0911a0 100644 --- a/src/aiff.c +++ b/src/aiff.c @@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword) psf_binheader_readf (psf, "j", dword - bytesread) ; if (map_info->channel_map != NULL) - { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ; + { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ; free (psf->channel_map) ; -- 2.7.4