Oreon-Lime-R2/audiofile/audiofile-0.3.6-CVE-2022-24599.patch

diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c
index 60e6947..f5cf925 100644
--- a/sfcommands/printinfo.c
+++ b/sfcommands/printinfo.c
@@ -37,6 +37,7 @@
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
+#include <limits.h>

 static char *copyrightstring (AFfilehandle file);

@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file)
 	int		i, misccount;

 	misccount = afGetMiscIDs(file, NULL);
-	miscids = (int *) malloc(sizeof (int) * misccount);
+	if(!misccount)
+		return NULL;
+	miscids = (int *) calloc(misccount, sizeof(int));
+	if(!miscids)
+		return NULL;
 	afGetMiscIDs(file, miscids);

 	for (i=0; i<misccount; i++)
@@ -159,13 +164,16 @@ static char *copyrightstring (AFfilehandle file)
 			If this code executes, the miscellaneous chunk is a
 			copyright chunk.
 		*/
-		int datasize = afGetMiscSize(file, miscids[i]);
-		char *data = (char *) malloc(datasize);
+		size_t datasize = afGetMiscSize(file, miscids[i]);
+		if(datasize >= INT_MAX -1 ) {
+			goto error;
+		}
+		char *data = (char *) calloc(datasize + 1, 1);
 		afReadMisc(file, miscids[i], data, datasize);
 		copyright = data;
 		break;
 	}
-
+error:
 	free(miscids);

 	return copyright;
add extracted source code from packages repo 2024-05-31 20:37:45 -07:00			`diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c`
			`index 60e6947..f5cf925 100644`
			`--- a/sfcommands/printinfo.c`
			`+++ b/sfcommands/printinfo.c`
			`@@ -37,6 +37,7 @@`
			`#include <stdint.h>`
			`#include <stdio.h>`
			`#include <stdlib.h>`
			`+#include <limits.h>`

			`static char *copyrightstring (AFfilehandle file);`

			`@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file)`
			`int i, misccount;`

			`misccount = afGetMiscIDs(file, NULL);`
			`- miscids = (int ) malloc(sizeof (int) misccount);`
			`+ if(!misccount)`
			`+ return NULL;`
			`+ miscids = (int *) calloc(misccount, sizeof(int));`
			`+ if(!miscids)`
			`+ return NULL;`
			`afGetMiscIDs(file, miscids);`

			`for (i=0; i<misccount; i++)`
			`@@ -159,13 +164,16 @@ static char *copyrightstring (AFfilehandle file)`
			`If this code executes, the miscellaneous chunk is a`
			`copyright chunk.`
			`*/`
			`- int datasize = afGetMiscSize(file, miscids[i]);`
			`- char data = (char ) malloc(datasize);`
			`+ size_t datasize = afGetMiscSize(file, miscids[i]);`
			`+ if(datasize >= INT_MAX -1 ) {`
			`+ goto error;`
			`+ }`
			`+ char data = (char ) calloc(datasize + 1, 1);`
			`afReadMisc(file, miscids[i], data, datasize);`
			`copyright = data;`
			`break;`
			`}`
			`-`
			`+error:`
			`free(miscids);`

			`return copyright;`