main/lame/CVE-2015-9099.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31

From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
From: Maks Naumov <maksqwe1@ukr.net>
Date: Thu, 22 Jan 2015 16:20:40 +0200
Subject: [PATCH] Add check for invalid input sample rate

Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
---
 libmp3lame/lame.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libmp3lame/lame.c b/libmp3lame/lame.c
index 5989160..51d689c 100644
--- a/libmp3lame/lame.c
+++ b/libmp3lame/lame.c
@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp)
     }
 #endif
 
+    if (gfp->samplerate_in < 0) {
+        freegfc(gfc);
+        gfp->internal_flags = NULL;
+        return -1;
+    }
+
     cfg->disable_reservoir = gfp->disable_reservoir;
     cfg->lowpassfreq = gfp->lowpassfreq;
     cfg->highpassfreq = gfp->highpassfreq;
-- 
1.9.4.msysgit.1