shithub: aacenc


ref: a6e2476e4d56cde5249ad0525afdda85f38f27da
parent: 58e9cad93d1226cba748c6dc727b8e534281934c
author: knik <knik>
date: Sat Jul 1 04:52:28 EDT 2017

fixed CVE-2017-9130 (crash with improper .wav input)

--- a/frontend/main.c
+++ b/frontend/main.c
@@ -18,7 +18,7 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  *
- * $Id: main.c,v 1.88 2015/11/26 14:27:05 knik Exp $
+ * $Id: main.c,v 1.89 2017/07/01 08:52:27 knik Exp $
  */
 
 #ifdef _MSC_VER
@@ -806,6 +806,13 @@
     hEncoder = faacEncOpen(infile->samplerate, infile->channels,
         &samplesInput, &maxBytesOutput);
 
+    if (hEncoder == NULL)
+    {
+        fprintf(stderr, "Couldn't open encoder instance for input file %s\n", audioFileName);
+        wav_close(infile);
+        return 1;
+    }
+
 #ifdef HAVE_LIBMP4V2
     if (container != MP4_CONTAINER && (ntracks || trackno || artist ||
                        title ||  album || year || art ||
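Review bot: The message printed in the new `hEncoder == NULL` branch gives no reason for the failure, although this same commit makes faacEncOpen return NULL for a channel count above MAX_CHANNELS, which is what a malformed .wav header produces. Printing the rejected value makes the cause visible in logs and bug reports, e.g. `fprintf(stderr, "Couldn't open encoder instance for input file %s (%d channels)\n", audioFileName, infile->channels);`, with the conversion specifier adjusted to the declared type of `infile->channels`, which is not visible here. The enclosing function starts and ends outside the hunk, so whether anything besides `infile` must be released before `return 1` cannot be confirmed from these lines.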
@@ -1227,6 +1234,9 @@
 
 /*
 $Log: main.c,v $
+Revision 1.89  2017/07/01 08:52:27  knik
+fixed CVE-2017-9130 (crash with improper .wav input)
+
 Revision 1.88  2015/11/26 14:27:05  knik
 bugfix by Sebastian Wilhelmi: faac exits immediately when encoding raw wav file
 
--- a/libfaac/frame.c
+++ b/libfaac/frame.c
@@ -16,7 +16,7 @@
  * License along with this library; if not, write to the Free Software
  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  *
- * $Id: frame.c,v 1.69 2012/03/01 18:34:17 knik Exp $
+ * $Id: frame.c,v 1.70 2017/07/01 08:52:28 knik Exp $
  */
 
 /*
@@ -288,7 +288,7 @@
 			hEncoder->srInfo->num_cb_short);
 	
 	/* load channel_map */
-	for( i = 0; i < 64; i++ )
+	for( i = 0; i < MAX_CHANNELS; i++ )
 		hEncoder->config.channel_map[i] = config->channel_map[i];
 
     /* OK */
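Review bot: The loop copies `config->channel_map[i]` into the encoder without range-checking the values, so the new bound protects the array being written but not any later code that uses those entries as channel indices (that use is outside the hunk, so this is inferred). A guard before the assignment, such as `if (config->channel_map[i] < 0 || config->channel_map[i] >= MAX_CHANNELS) return 0;`, would reject a bad map at configuration time, assuming 0 is this function's failure value and the element type is signed. Separately, the declared length of `channel_map` is not shown; if it is still a literal, a `_Static_assert` tying it to MAX_CHANNELS would keep the loop bound and the array size from drifting apart. The default-map loop in the later hunk (`channel < MAX_CHANNELS`) depends on the same declaration.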
@@ -303,6 +303,9 @@
     unsigned int channel;
     faacEncStruct* hEncoder;
 
+    if (numChannels > MAX_CHANNELS)
+	return NULL;
+
     *inputSamples = FRAME_LEN*numChannels;
     *maxOutputBytes = (6144/8)*numChannels;
 
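Review bot: The new guard rejects only counts above MAX_CHANNELS, so a channel count of zero from a malformed header still passes and leaves `*inputSamples` and `*maxOutputBytes` set to 0 for the caller. Rejecting it in the same test, `if (numChannels == 0 || numChannels > MAX_CHANNELS)`, covers that case; if `numChannels` is declared signed (its declaration is outside the hunk), a negative value would pass as well. The early return also leaves both output parameters unwritten, which deserves a line in the function's comment: `/* returns NULL without writing inputSamples/maxOutputBytes when numChannels is out of range */`. The `return NULL;` line is indented with a tab while the surrounding lines use spaces.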
@@ -342,7 +345,7 @@
     hEncoder->config.shortctl = SHORTCTL_NORMAL;
 
 	/* default channel map is straight-through */
-	for( channel = 0; channel < 64; channel++ )
+	for( channel = 0; channel < MAX_CHANNELS; channel++ )
 		hEncoder->config.channel_map[channel] = channel;
 	
     /*
@@ -1122,6 +1125,9 @@
 
 /*
 $Log: frame.c,v $
+Revision 1.70  2017/07/01 08:52:28  knik
+fixed CVE-2017-9130 (crash with improper .wav input)
+
 Revision 1.69  2012/03/01 18:34:17  knik
 Build faac against the public API exposed in <faac.h> instead of the private API defined in "libfaac/frame.h".