-
Notifications
You must be signed in to change notification settings - Fork 378
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
a div zero vul in function double64_init() in libsndfile-1.0.28 #318
Comments
fabiangreffrath
added a commit
to fabiangreffrath/libsndfile
that referenced
this issue
Sep 28, 2017
This prevents division by zero later in the code. While the trivial case to catch this (i.e. sf.channels < 1) has already been covered, a crafted file may report a number of channels that is so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets miscalculated to zero (if this makes sense) in the determination of the blockwidth. Since we only support a limited number of channels anyway, make sure to check here as well. Fixes libsndfile#318 CVE-2017-14634
erikd
pushed a commit
that referenced
this issue
Sep 30, 2017
This prevents division by zero later in the code. While the trivial case to catch this (i.e. sf.channels < 1) has already been covered, a crafted file may report a number of channels that is so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets miscalculated to zero (if this makes sense) in the determination of the blockwidth. Since we only support a limited number of channels anyway, make sure to check here as well. CVE-2017-14634 Closes: #318 Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Actually, commit cb3c87a can handle this issue.
I am not sure. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The text was updated successfully, but these errors were encountered: