Skip to content

C
cpython
Commit 15e5b1bf authored by Victor Stinner's avatar Victor Stinner
Browse files
Options

Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop module, 

ensure that the input string length is a multiple of the frame size
parent 7b18c93d
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 108 additions and 74 deletions
Lib/test/test_audioop.py
View file @ 15e5b1bf
......@@ -20,6 +20,12 @@ def gendata4():
data = [gendata1(), gendata2(), gendata4()]
INVALID_DATA = [
('abc', 0),
('abc', 2),
('abc', 4),
]
class TestAudioop(unittest.TestCase):
......@@ -166,6 +172,33 @@ class TestAudioop(unittest.TestCase):
self.assertRaises(audioop.error,
audioop.findmax, ''.join( chr(x) for x in xrange(256)), -2392392)
def test_issue7673(self):
state = None
for data, size in INVALID_DATA:
size2 = size
self.assertRaises(audioop.error, audioop.getsample, data, size, 0)
self.assertRaises(audioop.error, audioop.max, data, size)
self.assertRaises(audioop.error, audioop.minmax, data, size)
self.assertRaises(audioop.error, audioop.avg, data, size)
self.assertRaises(audioop.error, audioop.rms, data, size)
self.assertRaises(audioop.error, audioop.avgpp, data, size)
self.assertRaises(audioop.error, audioop.maxpp, data, size)
self.assertRaises(audioop.error, audioop.cross, data, size)
self.assertRaises(audioop.error, audioop.mul, data, size, 1.0)
self.assertRaises(audioop.error, audioop.tomono, data, size, 0.5, 0.5)
self.assertRaises(audioop.error, audioop.tostereo, data, size, 0.5, 0.5)
self.assertRaises(audioop.error, audioop.add, data, data, size)
self.assertRaises(audioop.error, audioop.bias, data, size, 0)
self.assertRaises(audioop.error, audioop.reverse, data, size)
self.assertRaises(audioop.error, audioop.lin2lin, data, size, size2)
self.assertRaises(audioop.error, audioop.ratecv, data, size, 1, 1, 1, state)
self.assertRaises(audioop.error, audioop.lin2ulaw, data, size)
self.assertRaises(audioop.error, audioop.ulaw2lin, data, size)
self.assertRaises(audioop.error, audioop.lin2alaw, data, size)
self.assertRaises(audioop.error, audioop.alaw2lin, data, size)
self.assertRaises(audioop.error, audioop.lin2adpcm, data, size, state)
self.assertRaises(audioop.error, audioop.adpcm2lin, data, size, state)
def test_main():
run_unittest(TestAudioop)
......
Misc/NEWS
View file @ 15e5b1bf
......@@ -17,6 +17,9 @@ Core and Builtins
Library
-------
- Issue #7673: Fix security vulnerability (CVE-2010-2089) in the audioop
module, ensure that the input string length is a multiple of the frame size
- Issue #9075: In the ssl module, remove the setting of a ``debug`` flag
on an OpenSSL structure.
......@@ -51,7 +54,7 @@ Build
Library
-------
- Issue #6589: cleanup asyncore.socket_map in case smtpd.SMTPServer constructor
- Issue #6589: cleanup asyncore.socket_map in case smtpd.SMTPServer constructor
raises an exception.
- Issue #8959: fix regression caused by using unmodified libffi
......
Modules/audioop.c
View file @ 15e5b1bf
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7