Fix CVE-2018-7253:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7253

Copied from upstream:
https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec

diff --git a/cli/dsdiff.c b/cli/dsdiff.c
index 410dc1c..c016df9 100644
--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
@@ -153,7 +153,17 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
                 error_line ("dsdiff file version = 0x%08x", version);
         }
         else if (!strncmp (dff_chunk_header.ckID, "PROP", 4)) {
-            char *prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
+            char *prop_chunk;
+
+            if (dff_chunk_header.ckDataSize < 4 || dff_chunk_header.ckDataSize > 1024) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+            if (debug_logging_mode)
+                error_line ("got PROP chunk of %d bytes total", (int) dff_chunk_header.ckDataSize);
+
+            prop_chunk = malloc ((size_t) dff_chunk_header.ckDataSize);
 
             if (!DoReadFile (infile, prop_chunk, (uint32_t) dff_chunk_header.ckDataSize, &bcount) ||
                 bcount != dff_chunk_header.ckDataSize) {
/packages/patches/python-sip-include-dirs.patch'>log</a><a href='/guix/tree/gnu/packages/patches/python-sip-include-dirs.patch?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>tree</a><a href='/guix/commit/gnu/packages/patches/python-sip-include-dirs.patch?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>commit</a><a href='/guix/diff/gnu/packages/patches/python-sip-include-dirs.patch?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/patches/python-sip-include-dirs.patch'>
<input type='hidden' name='id' value='f59c31deaf44cf487878ae6e6b61026630b616ff'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>root</a>/<a href='/guix/log/gnu?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>gnu</a>/<a href='/guix/log/gnu/packages?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>packages</a>/<a href='/guix/log/gnu/packages/patches?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>patches</a>/<a href='/guix/log/gnu/packages/patches/python-sip-include-dirs.patch?id=f59c31deaf44cf487878ae6e6b61026630b616ff'>python-sip-include-dirs.patch</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/patches/python-sip-include-dirs.patch?id=f59c31deaf44cf487878ae6e6b61026630b616ff&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
list.
* Makefile.am (assert-no-store-file-names): Exclude the cookbook.
* bootstrap: Generate po files for cookbook translations.
* doc/guix-cookbook.texi: New file.
* doc/local.mk (info_TEXINFOS): Add it; add a rule to build cookbook
translations.
* po/doc/local.mk (DOC_COOKBOOK_PO_FILES): New variable.
(EXTRA_DIST): Add cookbook pot file and po files.
(doc-po-update-cookbook-%): New target.
(doc-pot-update): Also update cookbook pot file.
(doc-po-update): Also update cookbook po files.
</span></span></td><td>Ricardo Wurmus</td></tr>
<tr><td><span title='2019-04-26 11:21:32 +0200'>2019-04-26</span></td><td><a href='/guix/commit/bootstrap?id=9ca5ff882e2ac4eaab02eb0fde545bd784af478b'>bootstrap: Break automake dependency on generated files.</a><span class='msg-avail'>...<span class='msg-tooltip'>* bootstrap: Generate stub files for the manual translations whose
generated files are not included in the VCS.
* doc/contributing.de.texi: Remove file.
* doc/contributing.es.texi: Remove file.
* doc/contributing.fr.texi: Remove file.
* doc/contributing.zh_CN.texi: Remove file.
* doc/guix.de.texi: Remove file.
* doc/guix.es.texi: Remove file.
* doc/guix.fr.texi: Remove file.
* doc/guix.zh_CN.texi: Remove file.
* .gitignore: Add them.

Signed-off-by: Julien Lepiller &lt;julien@lepiller.eu&gt;
</span></span></td><td>Miguel Ángel Arruga Vivas</td></tr>

Age	Commit message (Expand)	Author
Ricardo Wurmus
2019-04-26	bootstrap: Break automake dependency on generated files....* bootstrap: Generate stub files for the manual translations whose generated files are not included in the VCS. * doc/contributing.de.texi: Remove file. * doc/contributing.es.texi: Remove file. * doc/contributing.fr.texi: Remove file. * doc/contributing.zh_CN.texi: Remove file. * doc/guix.de.texi: Remove file. * doc/guix.es.texi: Remove file. * doc/guix.fr.texi: Remove file. * doc/guix.zh_CN.texi: Remove file. * .gitignore: Add them. Signed-off-by: Julien Lepiller <julien@lepiller.eu>	Miguel Ángel Arruga Vivas