cheng/wxWidgets
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add format sub-chunk size check to WAV parsing

Browse Source 
This fixes a crash due to reading beyond the buffer bounds when checking
for "data" if WAVEFORMAT::uiSize was too big.
This commit is contained in:
Vadim Zeitlin 2017-12-30 17:28:27 +01:00
parent 69cd6039eb
commit 45e8d13e13
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/unix/sound.cpp
View File

@ -657,6 +657,12 @@ bool wxSound::LoadWAV(const void* data_, size_t length, bool copyData)
return false; return false;
if (memcmp(&data[FMT_INDEX], "fmt ", 4) != 0) if (memcmp(&data[FMT_INDEX], "fmt ", 4) != 0)
return false; return false;
// Check that the format chunk size is correct: it must be 16 for PCM,
// which is the only format we handle.
if (waveformat.uiSize != 16)
return false;
if (memcmp(&data[FMT_INDEX + waveformat.uiSize + 8], "data", 4) != 0) if (memcmp(&data[FMT_INDEX + waveformat.uiSize + 8], "data", 4) != 0)
return false; return false;