
[Cs-dev] [ csound-Bugs-2055893 ] Potential integer overflow in pvlook() function

Date: 2010-02-28 17:27
From: "SourceForge.net"
Subject: [Cs-dev] [ csound-Bugs-2055893 ] Potential integer overflow in pvlook() function
Bugs item #2055893, was opened at 2008-08-17 14:21
Message generated for change (Settings changed) made by jpff
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=564599&aid=2055893&group_id=81968

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: telly (wtl-icst)
Assigned to: John ffitch (jpff)
Summary: Potential integer overflow in pvlook() function

Initial Comment:
Pvlook doesn't check the input file properly. A crafted input file could cause an integer overflow.
    
    PVOCDATA data;
......
    if ((fp = csound->PVOC_OpenFile(csound, argv[argc - 1], &data, &fmt)) < 0)
......

      framesize = data.nAnalysisBins * 2 * sizeof(float);
      frames = (float*) csound->Malloc(csound, framesize * numframes);

PVOC_OpenFile() fills PVOCDATA "data" with data from the input file by invoking the pvoc_readheader() function. data.nAnalysisBins is a tainted value; however, PVlook trusts the value.
data.nAnalysisBins * 2 * sizeof(float) * numframes is easily overflowed by a huge data.nAnalysisBins.

Right? Waiting for your reply, thanks.

Tielei Wang.

----------------------------------------------------------------------

Comment By: John ffitch (jpff)
Date: 2010-02-24 06:28

Message:
Believed fixed

----------------------------------------------------------------------

Comment By: John ffitch (jpff)
Date: 2009-07-05 14:08

Message:
Probably true; will look into a fix at some time

----------------------------------------------------------------------
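
Added example, not part of the tracker thread and not the Csound fix: the size computation from the initial comment, once unchecked and once with overflow checks before allocation. The 32-bit field widths and the function names (unchecked_size32, checked_size, alloc_frames) are assumptions for illustration; the header values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked size as in the excerpt, forced to 32-bit arithmetic (assumption)
   so the wraparound is reproducible on a 64-bit host as well. */
uint32_t unchecked_size32(uint32_t bins, uint32_t numframes)
{
    uint32_t framesize = bins * 2u * (uint32_t)sizeof(float);
    return framesize * numframes;
}

/* Checked version: returns 0 and stores the byte count in *out, or -1 if
   bins * 2 * sizeof(float) * numframes is zero or does not fit in size_t. */
int checked_size(uint32_t bins, uint32_t numframes, size_t *out)
{
    const size_t per_bin = 2u * sizeof(float);
    if (bins == 0 || numframes == 0)
        return -1;
    if ((size_t)bins > SIZE_MAX / per_bin)
        return -1;
    size_t framesize = (size_t)bins * per_bin;
    if ((size_t)numframes > SIZE_MAX / framesize)
        return -1;
    *out = framesize * (size_t)numframes;
    return 0;
}

/* Hypothetical helper: allocate the frame buffer only when the size is sane. */
float *alloc_frames(uint32_t bins, uint32_t numframes)
{
    size_t bytes;
    if (checked_size(bins, numframes, &bytes) != 0)
        return NULL;
    return (float *)malloc(bytes);
}

int main(void)
{
    /* Constructed header values: a huge bin count and a single frame. */
    uint32_t bins = 0x20000001u, numframes = 1;
    size_t bytes = 0;
    printf("unchecked 32-bit size: %u bytes\n",
           (unsigned)unchecked_size32(bins, numframes));
    if (checked_size(bins, numframes, &bytes) == 0)
        printf("checked size: %zu bytes\n", bytes);
    else
        printf("rejected: size does not fit in size_t\n");
    return 0;
}
```

With 32-bit arithmetic the constructed bin count yields an 8-byte request for a frame that needs more than 4 GiB, which is the undersized buffer the report warns about.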
