ms_adpcm: Fix and extend size checks

'blockalign' is the size of a block, and each block contains 7 samples per channel as part of the preamble, so check against 'samplesperblock' rather than 'blockalign'. Also add an additional check that the block is big enough to hold the samples it claims to hold. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
2024-12-03 16:21:48 +00:00 · 2021-02-18 21:52:09 +00:00 · 2021-02-18 21:52:09 +00:00 · deb669ee8b
commit deb669ee8b
parent a9815b3f22
1 changed files with 8 additions and 2 deletions
--- a/src/ms_adpcm.c
+++ b/src/ms_adpcm.c
@ -128,8 +128,14 @@ wavlike_msadpcm_init	(SF_PRIVATE *psf, int blockalign, int samplesperblock)
 	if (psf->file.mode == SFM_WRITE)
 		samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ;

-	if (blockalign < 7 * psf->sf.channels)
-	{	psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ;
+	/* There's 7 samples per channel in the preamble of each block */
+	if (samplesperblock < 7 * psf->sf.channels)
+	{	psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ;
+		return SFE_INTERNAL ;
+		} ;
+
+	if (2 * blockalign < samplesperblock * psf->sf.channels)
+	{	psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ;
 		return SFE_INTERNAL ;
 		} ;