Upstream fix for CVE-2015-6749.
https://trac.xiph.org/ticket/2212

From 04815d3e1bfae3a6cdfb2c25358a5a72b61299f7 Mon Sep 17 00:00:00 2001
From: Mark Harris <mark.hsj@gmail.com>
Date: Sun, 30 Aug 2015 05:54:46 -0700
Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input

Fixes #2212
---
 oggenc/audio.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/oggenc/audio.c b/oggenc/audio.c
index 477da8c..4921fb9 100644
--- a/oggenc/audio.c
+++ b/oggenc/audio.c
@@ -245,8 +245,8 @@ static int aiff_permute_matrix[6][6] =
 int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
 {
     int aifc; /* AIFC or AIFF? */
-    unsigned int len;
-    unsigned char *buffer;
+    unsigned int len, readlen;
+    unsigned char buffer[22];
     unsigned char buf2[8];
     aiff_fmt format;
     aifffile *aiff = malloc(sizeof(aifffile));
@@ -269,9 +269,9 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
         return 0; /* Weird common chunk */
     }
 
-    buffer = alloca(len);
-
-    if(fread(buffer,1,len,in) < len)
+    readlen = len < sizeof(buffer) ? len : sizeof(buffer);
+    if(fread(buffer,1,readlen,in) < readlen ||
+       (len > readlen && !seek_forward(in, len-readlen)))
     {
         fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
         return 0;
-- 
2.5.0

ckages/enlightenment.scm?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'>commit</a><a href='/guix/diff/gnu/packages/enlightenment.scm?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/enlightenment.scm'>
<input type='hidden' name='id' value='d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'>root</a>/<a href='/guix/log/gnu?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'>gnu</a>/<a href='/guix/log/gnu/packages?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'>packages</a>/<a href='/guix/log/gnu/packages/enlightenment.scm?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9'>enlightenment.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/enlightenment.scm?id=d2e0a4c54a3fadaa45b0558c3e2fdf9a26c63bf9&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-02-16 22:41:03 +0200'>2023-02-16</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=672036c6dfe508810b565f4cf38e4f2aad2f7151'>gnu: Remove unneeded module imports.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/abiword.scm,
* gnu/packages/ada.scm,
* gnu/packages/agda.scm,
* gnu/packages/backup.scm,
* gnu/packages/barrier.scm,
* gnu/packages/bioinformatics.scm,
* gnu/packages/bootstrap.scm,
* gnu/packages/bqn.scm,
* gnu/packages/c.scm,
* gnu/packages/chemistry.scm,
* gnu/packages/coq.scm,
* gnu/packages/cross-base.scm,
* gnu/packages/databases.scm,
* gnu/packages/emacs-xyz.scm,
* gnu/packages/enlightenment.scm,
* gnu/packages/games.scm,
* gnu/packages/geo.scm,
* gnu/packages/ghostscript.scm,
* gnu/packages/gl.scm,
* gnu/packages/golang.scm,
* gnu/packages/jami.scm,
* gnu/packages/java-maths.scm,
* gnu/packages/kde-frameworks.scm,
* gnu/packages/kde-plasma.scm,
* gnu/packages/language.scm,
* gnu/packages/libreoffice.scm,
* gnu/packages/linphone.scm,
* gnu/packages/lisp.scm,
* gnu/packages/llvm.scm,
* gnu/packages/machine-learning.scm,
* gnu/packages/minetest.scm,
* gnu/packages/monitoring.scm,
* gnu/packages/nfs.scm,
* gnu/packages/ocr.scm,
* gnu/packages/opencl.scm,
* gnu/packages/pdf.scm,
* gnu/packages/python-xyz.scm,
* gnu/packages/racket.scm,
* gnu/packages/rust.scm,
* gnu/packages/syncthing.scm,
* gnu/packages/syndication.scm,
* gnu/packages/telegram.scm,
* gnu/packages/vulkan.scm,
* gnu/packages/web-browsers.scm,
* gnu/packages/web.scm,
* gnu/packages/webkit.scm: Remove some unecessary module imports.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2023-02-09 11:03:31 +0200'>2023-02-09</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=43ee3e1da226ff23849cc33f9d0903c593897c9a'>gnu: efl: Choose lua implementation based on system architecture.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/enlightenment.scm (efl)[propagated-inputs]: Use luajit or
lua based on the system's luajit support.
[arguments]: Adjust configure-flags to use the correct lua.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2023-02-07 11:17:02 -0500'>2023-02-07</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=31b707cf5d179eb664df26b72f0f2976ef28f41d'>gnu: efl: Remove input labels.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/enlightenment.scm (efl) [native-inputs]: Remove labels.
[inputs]: Likewise.
[propagated-inputs]: Likewise.
[arguments]: Use search-input-file.  Only substitute libcurl.so.4, as
libcurl.so.5 does not exist in our curl package.
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2023-02-07 11:02:40 -0500'>2023-02-07</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=0eed4a9793cef534a69fdca5ddefa5a277312955'>gnu: efl: Replace ibus with ibus-minimal.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is to avoid having EFL depend on GTK 4, reducing its closure size from
2134.8 MiB to 1446.7 MiB.

* gnu/packages/enlightenment.scm (efl) [inputs]: Replace ibus with
ibus-minimal.
</span></span></td><td>Maxim Cournoyer</td></tr>
<tr><td><span title='2022-12-06 10:49:31 +0200'>2022-12-06</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=e085a53a2ed8e37eb89c7ff86b0393039a5a8896'>gnu: terminology: Update to 1.13.0.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/enlightenment.scm (terminology): Update to 1.13.0.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2022-09-19 11:12:44 +0300'>2022-09-19</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=90e316535a117fd37e7848adb2cf78036e5d65de'>gnu: enlightenment: Update to 0.25.4.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/enlightenment.scm (enlightenment): Update to 0.25.4.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2022-09-19 11:12:41 +0300'>2022-09-19</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=7416ad2cda64fab0d137874425c0fe1812948616'>gnu: efl: Update to 1.26.3.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/enlightenment.scm (efl): Update to 1.26.3.
</span></span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2022-09-13 12:05:39 +0300'>2022-09-13</span></td><td><a href='/guix/commit/gnu/packages/enlightenment.scm?id=c2f9064f9b65ff71a6c0f19579501ddde03aa902'>gnu: python-efl: Update to 1.26.0.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/packages/enlightenment.scm (python-efl): Update to 1.26.0.
[inputs]: Add python-packaging.
[arguments]: Remove trailing #t from phases.
</span></span></td><td>Efraim Flashner</td></tr>

Age	Commit message (Expand)	Author
2023-02-16	gnu: Remove unneeded module imports....* gnu/packages/abiword.scm, * gnu/packages/ada.scm, * gnu/packages/agda.scm, * gnu/packages/backup.scm, * gnu/packages/barrier.scm, * gnu/packages/bioinformatics.scm, * gnu/packages/bootstrap.scm, * gnu/packages/bqn.scm, * gnu/packages/c.scm, * gnu/packages/chemistry.scm, * gnu/packages/coq.scm, * gnu/packages/cross-base.scm, * gnu/packages/databases.scm, * gnu/packages/emacs-xyz.scm, * gnu/packages/enlightenment.scm, * gnu/packages/games.scm, * gnu/packages/geo.scm, * gnu/packages/ghostscript.scm, * gnu/packages/gl.scm, * gnu/packages/golang.scm, * gnu/packages/jami.scm, * gnu/packages/java-maths.scm, * gnu/packages/kde-frameworks.scm, * gnu/packages/kde-plasma.scm, * gnu/packages/language.scm, * gnu/packages/libreoffice.scm, * gnu/packages/linphone.scm, * gnu/packages/lisp.scm, * gnu/packages/llvm.scm, * gnu/packages/machine-learning.scm, * gnu/packages/minetest.scm, * gnu/packages/monitoring.scm, * gnu/packages/nfs.scm, * gnu/packages/ocr.scm, * gnu/packages/opencl.scm, * gnu/packages/pdf.scm, * gnu/packages/python-xyz.scm, * gnu/packages/racket.scm, * gnu/packages/rust.scm, * gnu/packages/syncthing.scm, * gnu/packages/syndication.scm, * gnu/packages/telegram.scm, * gnu/packages/vulkan.scm, * gnu/packages/web-browsers.scm, * gnu/packages/web.scm, * gnu/packages/webkit.scm: Remove some unecessary module imports.	Efraim Flashner
2023-02-09	gnu: efl: Choose lua implementation based on system architecture....* gnu/packages/enlightenment.scm (efl)[propagated-inputs]: Use luajit or lua based on the system's luajit support. [arguments]: Adjust configure-flags to use the correct lua.	Efraim Flashner
2023-02-07	gnu: efl: Remove input labels....* gnu/packages/enlightenment.scm (efl) [native-inputs]: Remove labels. [inputs]: Likewise. [propagated-inputs]: Likewise. [arguments]: Use search-input-file. Only substitute libcurl.so.4, as libcurl.so.5 does not exist in our curl package.	Maxim Cournoyer
2023-02-07	gnu: efl: Replace ibus with ibus-minimal....This is to avoid having EFL depend on GTK 4, reducing its closure size from 2134.8 MiB to 1446.7 MiB. * gnu/packages/enlightenment.scm (efl) [inputs]: Replace ibus with ibus-minimal.	Maxim Cournoyer
2022-12-06	gnu: terminology: Update to 1.13.0....* gnu/packages/enlightenment.scm (terminology): Update to 1.13.0.	Efraim Flashner
2022-09-19	gnu: enlightenment: Update to 0.25.4....* gnu/packages/enlightenment.scm (enlightenment): Update to 0.25.4.	Efraim Flashner
2022-09-19	gnu: efl: Update to 1.26.3....* gnu/packages/enlightenment.scm (efl): Update to 1.26.3.	Efraim Flashner
2022-09-13	gnu: python-efl: Update to 1.26.0....* gnu/packages/enlightenment.scm (python-efl): Update to 1.26.0. [inputs]: Add python-packaging. [arguments]: Remove trailing #t from phases.	Efraim Flashner