Files
Gyorgy Sarvari ab86e1f967 audiofile: patch CVE-2018-13440 and CVE-2018-17059
Details:
https://nvd.nist.gov/vuln/detail/CVE-2018-13440
https://nvd.nist.gov/vuln/detail/CVE-2018-17059

The patches have been backported from Debian - upstream
has been inactive for almost a decade by now.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e16a7d11d1)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-17 10:16:55 +05:30

37 lines
1.3 KiB
Diff

From fde6d79fb8363c4a329a184ef0b107156602b225 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Thu, 27 Sep 2018 10:48:45 +0200
Subject: [PATCH] ModuleState: handle compress/decompress init failure
When the unit initcompress or initdecompress function fails,
m_fileModule is NULL. Return AF_FAIL in that case instead of
causing NULL pointer dereferences later.
Fixes #49
This patch has been backported from Debian:
https://sources.debian.org/src/audiofile/0.3.6-7/debian/patches/11_CVE-2018-13440.patch
CVE: CVE-2018-13440
Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
libaudiofile/modules/ModuleState.cpp | 3 +++
1 file changed, 3 insertions(+)
diff --git a/libaudiofile/modules/ModuleState.cpp b/libaudiofile/modules/ModuleState.cpp
index 0c29d7a..070fd9b 100644
--- a/libaudiofile/modules/ModuleState.cpp
+++ b/libaudiofile/modules/ModuleState.cpp
@@ -75,6 +75,9 @@ status ModuleState::initFileModule(AFfilehandle file, Track *track)
m_fileModule = unit->initcompress(track, file->m_fh, file->m_seekok,
file->m_fileFormat == AF_FILE_RAWDATA, &chunkFrames);
+ if (!m_fileModule)
+ return AF_FAIL;
+
if (unit->needsRebuffer)
{
assert(unit->nativeSampleFormat == AF_SAMPFMT_TWOSCOMP);