head	1.3;
access;
symbols
	pkgsrc-2013Q2:1.3.0.8
	pkgsrc-2013Q2-base:1.3
	pkgsrc-2012Q4:1.3.0.6
	pkgsrc-2012Q4-base:1.3
	pkgsrc-2011Q4:1.3.0.4
	pkgsrc-2011Q4-base:1.3
	pkgsrc-2011Q2:1.3.0.2
	pkgsrc-2011Q2-base:1.3
	pkgsrc-2010Q1:1.2.0.4
	pkgsrc-2010Q1-base:1.2
	pkgsrc-2009Q4:1.2.0.2
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2009Q3:1.1.0.8
	pkgsrc-2009Q3-base:1.1
	pkgsrc-2009Q2:1.1.0.6
	pkgsrc-2009Q2-base:1.1
	pkgsrc-2009Q1:1.1.0.4
	pkgsrc-2009Q1-base:1.1
	pkgsrc-2008Q4:1.1.0.2;
locks; strict;
comment	@# @;


1.3
date	2010.04.12.19.04.58;	author drochner;	state dead;
branches;
next	1.2;

1.2
date	2009.12.01.10.44.02;	author drochner;	state Exp;
branches;
next	1.1;

1.1
date	2009.01.21.15.19.27;	author drochner;	state Exp;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2009.01.21.15.19.27;	author tron;	state dead;
branches;
next	1.1.2.2;

1.1.2.2
date	2009.01.22.20.21.28;	author tron;	state Exp;
branches;
next	;


desc
@@


1.3
log
@update to 0.2.7
changes:
-Fix decoding of multi-channel ADPCM WAVE files (was patched in pkgsrc)
-Reduce unshared data in library
-Fix handling of audio files with more than 2^24 frames
-Add support for writing double-precision floating-point WAVE files
-Add support for reading certain uncompressed AIFF-C files created
 by Mac OS X
-Write fact chunk in floating-point WAVE files
@
text
@$NetBSD: patch-ad,v 1.2 2009/12/01 10:44:02 drochner Exp $

--- libaudiofile/wave.c.orig	2004-03-06 07:39:23.000000000 +0100
+++ libaudiofile/wave.c
@@@@ -199,11 +199,13 @@@@ static status ParseFormat (AFfilehandle 
 		case WAVE_FORMAT_ADPCM:
 		{
 			u_int16_t	bitsPerSample, extraByteCount,
-					samplesPerBlock, numCoefficients;
+					samplesPerBlock, numCoefficients,
+					framesPerBlock;
 			int		i;
 			AUpvlist	pv;
 			long		l;
 			void		*v;
+			int		minBlockLength;
 
 			if (track->f.channelCount != 1 &&
 				track->f.channelCount != 2)
@@@@ -216,11 +218,33 @@@@ static status ParseFormat (AFfilehandle 
 			af_fread(&bitsPerSample, 1, 2, fp);
 			bitsPerSample = LENDIAN_TO_HOST_INT16(bitsPerSample);
 
+			if (bitsPerSample != 4)
+			{
+				_af_error(AF_BAD_WIDTH,
+					"bad sample width of %hd bits",
+					bitsPerSample);
+				return AF_FAIL;
+			}
+
 			af_fread(&extraByteCount, 1, 2, fp);
 			extraByteCount = LENDIAN_TO_HOST_INT16(extraByteCount);
 
-			af_fread(&samplesPerBlock, 1, 2, fp);
-			samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock);
+			af_fread(&framesPerBlock, 1, 2, fp);
+			framesPerBlock = LENDIAN_TO_HOST_INT16(framesPerBlock);
+
+			minBlockLength = 7 * channelCount; /* header */
+			if (framesPerBlock > 2)
+				minBlockLength += ( ( framesPerBlock - 2 ) * channelCount + 1) / 2;
+
+			if (blockAlign < minBlockLength)
+			{
+				_af_error(AF_BAD_FRAMECNT,
+					"blockAlign %hd too small for %hd samplesPerBlock",
+					blockAlign, samplesPerBlock);
+				return AF_FAIL;
+			}
+
+			samplesPerBlock = framesPerBlock *channelCount;
 
 			af_fread(&numCoefficients, 1, 2, fp);
 			numCoefficients = LENDIAN_TO_HOST_INT16(numCoefficients);
@@@@ -242,6 +266,7 @@@@ static status ParseFormat (AFfilehandle 
 				wave->msadpcmCoefficients[i][1] = a1;
 			}
 
+
 			track->f.sampleWidth = 16;
 			track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP;
 			track->f.compressionType = AF_COMPRESSION_MS_ADPCM;
@@@@ -277,18 +302,44 @@@@ static status ParseFormat (AFfilehandle 
 		{
 			AUpvlist	pv;
 			long		l;
+			int		minBlockLength;
 
 			u_int16_t	bitsPerSample, extraByteCount,
-					samplesPerBlock;
+					samplesPerBlock, framesPerBlock;
 
 			af_fread(&bitsPerSample, 1, 2, fp);
 			bitsPerSample = LENDIAN_TO_HOST_INT16(bitsPerSample);
 
+			if (bitsPerSample != 4)
+			{
+				_af_error(AF_BAD_WIDTH,
+					"bad sample width of %hd bits",
+					bitsPerSample);
+				return AF_FAIL;
+			}
+
 			af_fread(&extraByteCount, 1, 2, fp);
 			extraByteCount = LENDIAN_TO_HOST_INT16(extraByteCount);
 
-			af_fread(&samplesPerBlock, 1, 2, fp);
-			samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock);
+			af_fread(&framesPerBlock, 1, 2, fp);
+			framesPerBlock = LENDIAN_TO_HOST_INT16(framesPerBlock);
+			samplesPerBlock = framesPerBlock * channelCount;
+
+			/* per channel, ima has blocks of len 4, the 1st has 1st sample, the others
+			 * up to 8 samples per block,
+			 * so number of later blocks is (nsamp-1 + 7)/8, total blocks/chan is
+			 * (nsamp-1+7)/8 + 1 = (nsamp+14)/8
+			 */
+
+			minBlockLength = ( framesPerBlock + 14 )/8 * 4 * channelCount;
+
+			if (blockAlign < minBlockLength)
+			{
+				_af_error(AF_BAD_FRAMECNT,
+					"blockAlign %hd too small for %hd samplesPerBlock",
+					blockAlign, samplesPerBlock);
+				return AF_FAIL;
+			}
 
 			track->f.sampleWidth = 16;
 			track->f.sampleFormat = AF_SAMPFMT_TWOSCOMP;
@


1.2
log
@Debian has integrated a fix for ADPCM decoding problems which is
similar to our one, and added additional sanity checks
(see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510205#59)
use their version to ease further maintainance, bump PKGREVISION
@
text
@d1 1
a1 1
$NetBSD$
@


1.1
log
@(attempt to) fix CVE-2008-5824 (buffer overflow in msadpcm.c),
see Debian bug #510205, just done correctly.
The IMA code might have similar problems. The code appearently can't
handle stereo files correctly anyway, so bail out if >1 channel
which should avoid the problem.
bump PKGREVISION
@
text
@d5 28
a32 1
@@@@ -220,7 +220,8 @@@@ static status ParseFormat (AFfilehandle 
d35 1
a35 1
 			af_fread(&samplesPerBlock, 1, 2, fp);
d37 16
a52 2
+			samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock)
+				* track->f.channelCount;
d56 14
a69 1
@@@@ -281,6 +282,12 @@@@ static status ParseFormat (AFfilehandle 
d71 2
a72 1
 					samplesPerBlock;
a73 6
+			if (track->f.channelCount != 1) {
+				_af_error(AF_BAD_CHANNELS,
+					"WAVE file with IMA compression: "
+					"can only handle 1 channel");
+			}
+
d77 35
@


1.1.2.1
log
@file patch-ad was added on branch pkgsrc-2008Q4 on 2009-01-22 20:21:28 +0000
@
text
@d1 27
@


1.1.2.2
log
@Pullup ticket #2652 - requested by drochner
libaudiofile: security patch

Revisions pulled up:
audio/libaudiofile/Makefile			1.43
audio/libaudiofile/distinfo			1.12
audio/libaudiofile/patches/patch-ac		1.1
audio/libaudiofile/patches/patch-ad		1.1
---
Module Name:	pkgsrc
Committed By:	drochner
Date:		Wed Jan 21 15:19:27 UTC 2009

Modified Files:
	pkgsrc/audio/libaudiofile: Makefile distinfo
Added Files:
	pkgsrc/audio/libaudiofile/patches: patch-ac patch-ad

Log Message:
(attempt to) fix CVE-2008-5824 (buffer overflow in msadpcm.c),
see Debian bug #510205, just done correctly.
The IMA code might have similar problems. The code appearently can't
handle stereo files correctly anyway, so bail out if >1 channel
which should avoid the problem.
bump PKGREVISION
@
text
@a0 27
$NetBSD: patch-ad,v 1.1 2009/01/21 15:19:27 drochner Exp $

--- libaudiofile/wave.c.orig	2004-03-06 07:39:23.000000000 +0100
+++ libaudiofile/wave.c
@@@@ -220,7 +220,8 @@@@ static status ParseFormat (AFfilehandle 
 			extraByteCount = LENDIAN_TO_HOST_INT16(extraByteCount);
 
 			af_fread(&samplesPerBlock, 1, 2, fp);
-			samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock);
+			samplesPerBlock = LENDIAN_TO_HOST_INT16(samplesPerBlock)
+				* track->f.channelCount;
 
 			af_fread(&numCoefficients, 1, 2, fp);
 			numCoefficients = LENDIAN_TO_HOST_INT16(numCoefficients);
@@@@ -281,6 +282,12 @@@@ static status ParseFormat (AFfilehandle 
 			u_int16_t	bitsPerSample, extraByteCount,
 					samplesPerBlock;
 
+			if (track->f.channelCount != 1) {
+				_af_error(AF_BAD_CHANNELS,
+					"WAVE file with IMA compression: "
+					"can only handle 1 channel");
+			}
+
 			af_fread(&bitsPerSample, 1, 2, fp);
 			bitsPerSample = LENDIAN_TO_HOST_INT16(bitsPerSample);
 
@