Takashi Iwai
2015-Feb-04 16:55 UTC
[Vorbis-dev] [PATCH] oggenc: Fix crash by invalid channels in WAV files
Fix the crash of oggenc when parsing a WAV file including zero or a negative number of channels. Fixes for both CVE-2014-9638 and CVE-2014-9639 --- oggenc/audio.c | 6 ++++++ 1 file changed, 6 insertions(+) --- a/oggenc/audio.c +++ b/oggenc/audio.c @@ -455,6 +455,12 @@ int wav_open(FILE *in, oe_enc_opt *opt, format.align = READ_U16_LE(buf+12); format.samplesize = READ_U16_LE(buf+14); + if(format.channels <= 0) + { + fprintf(stderr,"ERROR: Invalid number of channels (%d) found in WAV file\n", format.channels); + return 0; + } + if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */ { if(len<40)
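Review bot: The new test `if(format.channels <= 0)` in wav_open() bounds the channel count only from below, so an implausibly large value read from the header still passes through to the code that follows. Consider extending the same check with an upper limit that matches what the encoder actually supports, and rejecting the file with the same error path. Also worth confirming the type of format.channels: the neighbouring fields format.align and format.samplesize are filled with READ_U16_LE, and if channels is stored in an unsigned field the `< 0` half of the comparison can never be true and the `%d` in the message would not match the argument. A short comment above the check naming the two CVEs from the commit message would help later readers understand why the validation sits before the `format.format == -2` branch.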