Skip to content

Security Fix: Add explicit bounds check for numCoefficients in AudioFile library#98

Open
yannaingtun wants to merge 1 commit inton64decomp:masterfrom
yannaingtun:security-fix-audiofile
Open

Security Fix: Add explicit bounds check for numCoefficients in AudioFile library#98
yannaingtun wants to merge 1 commit inton64decomp:masterfrom
yannaingtun:security-fix-audiofile

Conversation

@yannaingtun
Copy link

@yannaingtun yannaingtun commented Mar 4, 2025

Description
This PR fixes a security vulnerability in the AudioFile library that was cloned from libaudiofile but did not receive the security patch applied in the original repository. The original issue was reported and fixed under antlarr/audiofile@c48e4c6. This PR applies the same patch as the one in the original repository to eliminate the vulnerability.
References
antlarr/audiofile@c48e4c6
Similar to CVE-2018-13440

@yannaingtun
Fix security vulnerability: add bounds check for numCoefficients
7dd0f12 
When building with NDEBUG, asserts are eliminated, which could
lead to buffer overflow via out-of-bounds access to m_msadpcmCoefficients.
This adds explicit bounds checks that remain even when assertions are disabled.

Similar to the fix for CVE-2018-13440 in the original AudioFile library.
@Al-ex-N Al-ex-N mentioned this pull request Mar 27, 2025
Merged
Al-ex-N added a commit to AlexN-SM64/sm64-port that referenced this pull request Mar 27, 2025
@Al-ex-N
Merge pull request #6 from yannaingtun/security-fix-audiofile
38a021a 
Pull request from n64decomp#98
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yannaingtun