current/SOURCES/deb669ee8be55a94565f6f8a6b60890c2e7c6f32.patch

From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
From: bobsayshilol <bobsayshilol@live.co.uk>
Date: Thu, 18 Feb 2021 21:52:09 +0000
Subject: [PATCH] ms_adpcm: Fix and extend size checks

'blockalign' is the size of a block, and each block contains 7 samples
per channel as part of the preamble, so check against 'samplesperblock'
rather than 'blockalign'. Also add an additional check that the block
is big enough to hold the samples it claims to hold.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
---
 src/ms_adpcm.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
index 5e8f1a316..a21cb9941 100644
--- a/src/ms_adpcm.c
+++ b/src/ms_adpcm.c
@@ -128,8 +128,14 @@ wavlike_msadpcm_init       (SF_PRIVATE *psf, int blockalign, int samplesperblock)
        if (psf->file.mode == SFM_WRITE)
                samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
 
-       if (blockalign < 7 * psf->sf.channels)
-       {       psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+       /* There's 7 samples per channel in the preamble of each block */
+       if (samplesperblock < 7 * psf->sf.channels)
+       {       psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+               return SFE_INTERNAL ;
+               } ;
+
+       if (2 * blockalign < samplesperblock * psf->sf.channels)
+       {       psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
                return SFE_INTERNAL ;
                } ;
 
1	From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001
2	From: bobsayshilol <bobsayshilol@live.co.uk>
3	Date: Thu, 18 Feb 2021 21:52:09 +0000
4	Subject: [PATCH] ms_adpcm: Fix and extend size checks
5
6	'blockalign' is the size of a block, and each block contains 7 samples
7	per channel as part of the preamble, so check against 'samplesperblock'
8	rather than 'blockalign'. Also add an additional check that the block
9	is big enough to hold the samples it claims to hold.
10
11	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
12	---
13	src/ms_adpcm.c \| 10 ++++++++--
14	1 file changed, 8 insertions(+), 2 deletions(-)
15
16	diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c
17	index 5e8f1a316..a21cb9941 100644
18	--- a/src/ms_adpcm.c
19	+++ b/src/ms_adpcm.c
20	@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock)
21	if (psf->file.mode == SFM_WRITE)
22	samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;
23
24	- if (blockalign < 7 * psf->sf.channels)
25	- { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
26	+ /* There's 7 samples per channel in the preamble of each block */
27	+ if (samplesperblock < 7 * psf->sf.channels)
28	+ { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
29	+ return SFE_INTERNAL ;
30	+ } ;
31	+
32	+ if (2 * blockalign < samplesperblock * psf->sf.channels)
33	+ { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
34	return SFE_INTERNAL ;
35	} ;
36