audioop.adpcm2lin Buffer Over-read #68644
The audioop.adpcm2lin function suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules\audioop.c:
step = stepsizeTable[index];
Because the index variable can be controlled via the third parameter of audioop.adpcm2lin, this behavior could potentially be exploited to disclose arbitrary memory, should an application expose the parameter to the attack surface.
0:000> r
To fix this issue, it is recommended that bounds checking be performed prior to accessing stepsizeTable.
Here is a patch that checks the state and raises ValueError if integer values are out of range.
New changeset 1f6c096ee772 by Serhiy Storchaka in branch '2.7':
New changeset fd17e168b59f by Serhiy Storchaka in branch '3.4':
New changeset 3039cb5b673c by Serhiy Storchaka in branch '3.5':
New changeset 0e1d9018e74b by Serhiy Storchaka in branch 'default':
The patch for 2.7 also fixed a SystemError and a possible memory leak.
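The kind of state check discussed in this thread, as an added example that is not CPython's patch or code from the issue: a simplified IMA ADPCM decoder that rejects caller-supplied state before it is used to index the step table. The names step_table, index_adjust, state_is_valid and adpcm_decode, and the exact range limits, are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Standard IMA ADPCM step sizes (89 entries); stands in for stepsizeTable. */
static const int step_table[] = {
    7, 8, 9, 10, 11, 12, 13, 14, 16, 17,
    19, 21, 23, 25, 28, 31, 34, 37, 41, 45,
    50, 55, 60, 66, 73, 80, 88, 97, 107, 118,
    130, 143, 157, 173, 190, 209, 230, 253, 279, 307,
    337, 371, 408, 449, 494, 544, 598, 658, 724, 796,
    876, 963, 1060, 1166, 1282, 1411, 1552, 1707, 1878, 2066,
    2272, 2499, 2749, 3024, 3327, 3660, 4026, 4428, 4871, 5358,
    5894, 6484, 7132, 7845, 8630, 9493, 10442, 11487, 12635, 13899,
    15289, 16818, 18500, 20350, 22385, 24623, 27086, 29794, 32767
};
static const int index_adjust[16] = {-1,-1,-1,-1,2,4,6,8,-1,-1,-1,-1,2,4,6,8};
#define TABLE_LEN ((long)(sizeof step_table / sizeof step_table[0]))

/* Untrusted state: predictor must fit in 16 bits, index must hit the table. */
int state_is_valid(long valpred, long index)
{
    return valpred >= -0x8000 && valpred < 0x8000 &&
           index >= 0 && index < TABLE_LEN;
}

/* Decode ncodes 4-bit codes (high nibble first) into out[].
   Returns 0 on success, -1 if the supplied state is rejected. */
int adpcm_decode(const uint8_t *in, size_t ncodes, int16_t *out,
                 long *valpred, long *index)
{
    if (!state_is_valid(*valpred, *index))
        return -1;                      /* reject before any table read */
    long v = *valpred, i = *index;
    for (size_t k = 0; k < ncodes; k++) {
        unsigned delta = (k & 1) ? (in[k / 2] & 0x0fu) : (in[k / 2] >> 4);
        int step = step_table[i];       /* in range: checked, then clamped */
        long diff = step >> 3;
        if (delta & 4) diff += step;
        if (delta & 2) diff += step >> 1;
        if (delta & 1) diff += step >> 2;
        v += (delta & 8) ? -diff : diff;
        if (v > 32767) v = 32767; else if (v < -32768) v = -32768;
        i += index_adjust[delta];
        if (i < 0) i = 0; else if (i >= TABLE_LEN) i = TABLE_LEN - 1;
        out[k] = (int16_t)v;
    }
    *valpred = v; *index = i;
    return 0;
}
```

The per-sample clamp keeps the index valid only if it started valid, which is why the entry check on the caller's state is the part that matters.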