Sophie

Sophie

distrib > Mandriva > 2010.1 > i586 > media > contrib-updates-src > by-pkgid > f722e3fddb6bcd9335a8848a4b05a73c > files > 25

xbmc-10.1-1.pvr.2mdv2010.2.src.rpm

From 153f0982934b758f1fa94c20dca8886e1c939064 Mon Sep 17 00:00:00 2001
From: Anssi Hannula <anssi.hannula@iki.fi>
Date: Sat, 13 Nov 2010 18:29:37 +0200
Subject: [PATCH 12/15] fixed: CVE-2010-2089 in internal python (Mandriva)

---
 xbmc/lib/libPython/Python/Modules/audioop.c |  136 +++++++++++++--------------
 1 files changed, 67 insertions(+), 69 deletions(-)

diff --git a/xbmc/lib/libPython/Python/Modules/audioop.c b/xbmc/lib/libPython/Python/Modules/audioop.c
index 598e365..31c89b2 100644
--- a/xbmc/lib/libPython/Python/Modules/audioop.c
+++ b/xbmc/lib/libPython/Python/Modules/audioop.c
@@ -148,6 +148,29 @@ static int stepsizeTable[89] = {
 
 static PyObject *AudioopError;
 
+static int
+audioop_check_size(int size)
+{
+	if ( size != 1 && size != 2 && size != 4 ) {
+		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+		return 0;
+	} else {
+		return 1;
+	}
+}
+
+static int
+audioop_check_parameters(int len, int size)
+{
+	if (!audioop_check_size(size))
+		return 0;
+	if ( len % size != 0 ) {
+		PyErr_SetString(AudioopError, "not a whole number of frames");
+		return 0;
+	}
+	return 1;
+}
+
 static PyObject *
 audioop_getsample(PyObject *self, PyObject *args)
 {
@@ -157,10 +180,8 @@ audioop_getsample(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#ii)", &cp, &len, &size, &i) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	if ( i < 0 || i >= len/size ) {
 		PyErr_SetString(AudioopError, "Index out of range");
 		return 0;
@@ -181,10 +202,8 @@ audioop_max(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#i)", &cp, &len, &size) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	for ( i=0; i<len; i+= size) {
 		if ( size == 1 )      val = (int)*CHARP(cp, i);
 		else if ( size == 2 ) val = (int)*SHORTP(cp, i);
@@ -205,10 +224,8 @@ audioop_minmax(PyObject *self, PyObject *args)
 
 	if (!PyArg_Parse(args, "(s#i)", &cp, &len, &size))
 		return NULL;
-	if (size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+	if (!audioop_check_parameters(len, size))
 		return NULL;
-	}
 	for (i = 0; i < len; i += size) {
 		if (size == 1) val = (int) *CHARP(cp, i);
 		else if (size == 2) val = (int) *SHORTP(cp, i);
@@ -229,10 +246,8 @@ audioop_avg(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#i)", &cp, &len, &size) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	for ( i=0; i<len; i+= size) {
 		if ( size == 1 )      val = (int)*CHARP(cp, i);
 		else if ( size == 2 ) val = (int)*SHORTP(cp, i);
@@ -256,10 +271,8 @@ audioop_rms(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#i)", &cp, &len, &size) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	for ( i=0; i<len; i+= size) {
 		if ( size == 1 )      val = (int)*CHARP(cp, i);
 		else if ( size == 2 ) val = (int)*SHORTP(cp, i);
@@ -460,10 +473,8 @@ audioop_avgpp(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#i)", &cp, &len, &size) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	/* Compute first delta value ahead. Also automatically makes us
 	** skip the first extreme value
 	*/
@@ -517,10 +528,8 @@ audioop_maxpp(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#i)", &cp, &len, &size) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	/* Compute first delta value ahead. Also automatically makes us
 	** skip the first extreme value
 	*/
@@ -568,10 +577,8 @@ audioop_cross(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#i)", &cp, &len, &size) )
 		return 0;
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 	ncross = -1;
 	prevval = 17; /* Anything <> 0,1 */
 	for ( i=0; i<len; i+= size) {
@@ -596,6 +603,8 @@ audioop_mul(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#id)", &cp, &len, &size, &factor ) )
 		return 0;
+	if (!audioop_check_parameters(len, size))
+		return NULL;
     
 	if ( size == 1 ) maxval = (double) 0x7f;
 	else if ( size == 2 ) maxval = (double) 0x7fff;
@@ -637,6 +646,12 @@ audioop_tomono(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#idd)", &cp, &len, &size, &fac1, &fac2 ) )
 		return 0;
+	if (!audioop_check_parameters(len, size))
+		return NULL;
+	if ( ((len / size) & 1) != 0 ) {
+		PyErr_SetString(AudioopError, "not a whole number of frames");
+		return NULL;
+	}
     
 	if ( size == 1 ) maxval = (double) 0x7f;
 	else if ( size == 2 ) maxval = (double) 0x7fff;
@@ -681,6 +696,8 @@ audioop_tostereo(PyObject *self, PyObject *args)
 
 	if ( !PyArg_Parse(args, "(s#idd)", &cp, &len, &size, &fac1, &fac2 ) )
 		return 0;
+	if (!audioop_check_parameters(len, size))
+		return NULL;
     
 	if ( size == 1 ) maxval = (double) 0x7f;
 	else if ( size == 2 ) maxval = (double) 0x7fff;
@@ -739,7 +756,8 @@ audioop_add(PyObject *self, PyObject *args)
 	if ( !PyArg_Parse(args, "(s#s#i)",
 			  &cp1, &len1, &cp2, &len2, &size ) )
 		return 0;
-
+	if (!audioop_check_parameters(len1, size))
+		return NULL;
 	if ( len1 != len2 ) {
 		PyErr_SetString(AudioopError, "Lengths should be the same");
 		return 0;
@@ -793,11 +811,8 @@ audioop_bias(PyObject *self, PyObject *args)
 	if ( !PyArg_Parse(args, "(s#ii)",
 			  &cp, &len, &size , &bias) )
 		return 0;
-
-	if ( size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
     
 	rv = PyString_FromStringAndSize(NULL, len);
 	if ( rv == 0 )
@@ -829,12 +844,9 @@ audioop_reverse(PyObject *self, PyObject *args)
 	if ( !PyArg_Parse(args, "(s#i)",
 			  &cp, &len, &size) )
 		return 0;
+	if (!audioop_check_parameters(len, size))
+		return NULL;
 
-	if ( size != 1 && size != 2 && size != 4 ) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
-    
 	rv = PyString_FromStringAndSize(NULL, len);
 	if ( rv == 0 )
 		return 0;
@@ -866,12 +878,10 @@ audioop_lin2lin(PyObject *self, PyObject *args)
 	if ( !PyArg_Parse(args, "(s#ii)",
 			  &cp, &len, &size, &size2) )
 		return 0;
-
-	if ( (size != 1 && size != 2 && size != 4) ||
-	     (size2 != 1 && size2 != 2 && size2 != 4)) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
+	if (!audioop_check_size(size2))
+		return NULL;
     
 	if (len/size > INT_MAX/size2) {
 		PyErr_SetString(PyExc_MemoryError,
@@ -920,10 +930,8 @@ audioop_ratecv(PyObject *self, PyObject *args)
 	if (!PyArg_ParseTuple(args, "s#iiiiO|ii:ratecv", &cp, &len, &size, &nchannels,
 			      &inrate, &outrate, &state, &weightA, &weightB))
 		return NULL;
-	if (size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
+	if (!audioop_check_size(size))
 		return NULL;
-	}
 	if (nchannels < 1) {
 		PyErr_SetString(AudioopError, "# of channels should be >= 1");
 		return NULL;
@@ -1097,10 +1105,8 @@ audioop_lin2ulaw(PyObject *self, PyObject *args)
 			  &cp, &len, &size) )
 		return 0;
 
-	if ( size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
     
 	rv = PyString_FromStringAndSize(NULL, len/size);
 	if ( rv == 0 )
@@ -1130,11 +1136,8 @@ audioop_ulaw2lin(PyObject *self, PyObject *args)
 	if ( !PyArg_Parse(args, "(s#i)",
 			  &cp, &len, &size) )
 		return 0;
-
-	if ( size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_size(size))
+		return NULL;
     
 	if (len > INT_MAX/size) {
 		PyErr_SetString(PyExc_MemoryError,
@@ -1172,10 +1175,8 @@ audioop_lin2adpcm(PyObject *self, PyObject *args)
 		return 0;
     
 
-	if ( size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
     
 	str = PyString_FromStringAndSize(NULL, len/(size*2));
 	if ( str == 0 )
@@ -1278,11 +1279,8 @@ audioop_adpcm2lin(PyObject *self, PyObject *args)
 	if ( !PyArg_Parse(args, "(s#iO)",
 			  &cp, &len, &size, &state) )
 		return 0;
-
-	if ( size != 1 && size != 2 && size != 4) {
-		PyErr_SetString(AudioopError, "Size should be 1, 2 or 4");
-		return 0;
-	}
+	if (!audioop_check_parameters(len, size))
+		return NULL;
     
 	/* Decode state, should have (value, step) */
 	if ( state == Py_None ) {
-- 
1.7.3

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional