Description: Fix CVE-2017-9258, CVE-2017-9259, CVE-2017-9260 Based on an upstream commit, original commit message was: "Added sanity checks against illegal input audio stream parameters e.g. wildly excessive samplerate". . There is no reference to CVEs or bugs, the commit was made after disclosure of the CVEs and all three proofs of concept (crafted wav files) fail after this commit. . The commit was made after version 2.0.0, so that version is also vulnerable. . Unrelated changes were stripped away by patch author, upstream commit author is Olli Parviainen . Author: Gabor Karsay Origin: upstream, https://sourceforge.net/p/soundtouch/code/256/ Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870854 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870856 Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870857 --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/source/SoundTouch/TDStretch.cpp +++ b/source/SoundTouch/TDStretch.cpp @@ -128,7 +128,12 @@ int aSeekWindowMS, int aOverlapMS) { // accept only positive parameter values - if zero or negative, use old values instead - if (aSampleRate > 0) this->sampleRate = aSampleRate; + if (aSampleRate > 0) + { + if (aSampleRate > 192000) ST_THROW_RT_ERROR("Error: Excessive samplerate"); + this->sampleRate = aSampleRate; + } + if (aOverlapMS > 0) this->overlapMs = aOverlapMS; if (aSequenceMS > 0)
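Review bot: the upper-bound check added in the TDStretch.cpp hunk covers only aSampleRate; the visible context that follows it still stores aOverlapMS (and, by the same pattern, aSequenceMS) with only the existing "> 0" test and no upper limit, even though the description frames the fix as "sanity checks against illegal input audio stream parameters" in general. Consider bounding those parameters in the same way, or stating in the header why the sample rate alone is sufficient for the three PoCs. Two smaller points on the same hunk: the bare literal 192000 deserves a named constant and a comment saying why 192 kHz is the ceiling, and the comment just above ("accept only positive parameter values - if zero or negative, use old values instead") no longer describes the behaviour now that an excessive value makes ST_THROW_RT_ERROR throw rather than fall back to the old value; callers that previously could not fail here should be told, e.g. in the header's Description, that setSampleRate-style calls can now throw. Finally, the hunk header "@@ -128,7 +128,12 @@" promises seven old-side and twelve new-side lines, but the text shown stops after "if (aSequenceMS > 0)", so the trailing context lines are missing from this copy and the patch as reproduced here would not apply cleanly; the page should carry the full hunk.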