Fix CVE-2018-7253: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253 Copied from upstream: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec diff --git a/cli/dsdiff.c b/cli/dsdiff.c index 410dc1c..c016df9 100644 --- a/cli/dsdiff.c +++ b/cli/dsdiff.c @@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa error_line ("dsdiff file version = 0x%08x", version); } else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) { - char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); + char *prop_chunk; + + if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) { + error_line ("%s is not a valid .DFF file!", infilename); + return WAVPACK_SOFT_ERROR; + } + + if (debug_logging_mode) + error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize); + + prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize); if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) || bcount != dff_chunk_header.ckDataSize) {
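Review bot: the pointer returned by `prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);` in the PROP branch is still handed straight to `DoReadFile` without a NULL check. The new 1024-byte cap makes an allocation failure unlikely, but it does not rule one out, so I would add `if (!prop_chunk) return WAVPACK_SOFT_ERROR;` (with an `error_line` message) before the read. The bounds `< 4` and `> 1024` are also bare magic numbers. A short comment or named constants saying what the 4-byte minimum covers and why 1024 was chosen as the ceiling would help whoever next touches this parser. Placing the range check ahead of the `(size_t)`, `(uint32_t)` and `(int)` casts is the right order, since each cast then only ever sees a value in 4..1024. The rejection message "%s is not a valid .DFF file!" does not say that the PROP chunk size was the reason, so including the offending size there, not only in the debug log, would make rejected files easier to triage.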