mat4/mat5: fix int overflow when calculating blockwidth
Pre-cast the components of the blockwidth calculation to sf_count_t to
avoid overflowing integers during calculation.

CVE: CVE-2022-33065
Fixes: libsndfile#833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>
amstewart authored and evpobr committed Oct 20, 2023
1 parent 5d53193 commit 39f2a4f
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/mat4.c
Expand Up @@ -104,7 +104,7 @@ mat4_open (SF_PRIVATE *psf)

psf->container_close = mat4_close ;

psf->blockwidth = psf->bytewidth * psf->sf.channels ;
psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ;

switch (subformat)
{ case SF_FORMAT_PCM_16 :
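
Review bot: In mat4_open, the (sf_count_t) cast widens only the multiplication; the product is then stored straight into psf->blockwidth, whose declared type is not visible in this hunk. If that field is narrower than sf_count_t, the value is truncated again on assignment and the overflow is only moved, not removed. Please confirm the field's type, and consider rejecting the file when psf->bytewidth * psf->sf.channels exceeds what psf->blockwidth can hold, before the switch (subformat) that follows.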
2 changes: 1 addition & 1 deletion src/mat5.c
Expand Up @@ -114,7 +114,7 @@ mat5_open (SF_PRIVATE *psf)

psf->container_close = mat5_close ;

psf->blockwidth = psf->bytewidth * psf->sf.channels ;
psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ;

switch (subformat)
{ case SF_FORMAT_PCM_U8 :
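
Review bot: The cast in mat5_open carries no comment, and the same expression is now duplicated verbatim from mat4_open, so a later cleanup could drop it as redundant in one file and not the other. A one-line comment above "psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ;" stating that the first operand is widened to keep the multiply out of int arithmetic would protect it; a small shared helper for the blockwidth calculation would keep the two container openers in step. Nothing in the visible lines bounds psf->sf.channels before this point, so a note on where that validation happens would also help.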