issue #110: sanitize DSD file types for invalid lengths

dbry · Nov 23, 2021 · 773f9d0 · 773f9d0 · kloczek · Apr 7, 2022
1 parent a0ba858
commit 773f9d0
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/cli/dsdiff.c b/cli/dsdiff.c
@@ -278,6 +278,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
             }
 
             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+
+            if (total_samples <= 0 || total_samples > MAX_WAVPACK_SAMPLES) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
             break;
         }
         else {          // just copy unknown chunks to output file

diff --git a/cli/dsf.c b/cli/dsf.c
@@ -113,6 +113,7 @@ int ParseDsfHeaderConfig (FILE *infile, char *infilename, char *fourcc, WavpackC
 
     if (format_chunk.ckSize != sizeof (DSFFormatChunk) || format_chunk.formatVersion != 1 ||
         format_chunk.formatID != 0 || format_chunk.blockSize != DSF_BLOCKSIZE || format_chunk.reserved ||
+        format_chunk.sampleCount <= 0 || format_chunk.sampleCount > MAX_WAVPACK_SAMPLES * 8 ||
         (format_chunk.bitsPerSample != 1 && format_chunk.bitsPerSample != 8) ||
         format_chunk.numChannels < 1 || format_chunk.numChannels > 6 ||
         format_chunk.chanType < 1 || format_chunk.chanType > NUM_CHAN_TYPES) {