From 25b4a2725d8568212e7cf89ca05ca29d128af7ac Mon Sep 17 00:00:00 2001 From: David Bryant Date: Tue, 5 Jul 2022 18:58:19 -0700 Subject: [PATCH] issue #121: NULL pointer dereference in wvunpack.c * check for NULL pointer before dereferencing in wvunpack.c * sanitize custom extensions to be alphanumeric only --- cli/wvunpack.c | 6 ++++-- src/open_utils.c | 10 ++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/cli/wvunpack.c b/cli/wvunpack.c index c8dea624..9a5a49aa 100644 --- a/cli/wvunpack.c +++ b/cli/wvunpack.c @@ -907,8 +907,10 @@ int main(int argc, char **argv) // clean up in preparation for potentially another file - if (outpath) - *filespec_name (outfilename) = '\0'; + if (outpath) { + if (filespec_name (outfilename)) + *filespec_name (outfilename) = '\0'; + } else if (*outfilename != '-') { free (outfilename); outfilename = NULL; diff --git a/src/open_utils.c b/src/open_utils.c index 3e14de50..795471eb 100644 --- a/src/open_utils.c +++ b/src/open_utils.c @@ -18,6 +18,7 @@ #include #include +#include #include "wavpack_local.h" @@ -796,8 +797,13 @@ static int process_metadata (WavpackContext *wpc, WavpackMetadata *wpmd) case ID_ALT_EXTENSION: if (wpmd->byte_length && wpmd->byte_length < sizeof (wpc->file_extension)) { - memcpy (wpc->file_extension, wpmd->data, wpmd->byte_length); - wpc->file_extension [wpmd->byte_length] = 0; + int i, j; + + for (i = j = 0; i < wpmd->byte_length; ++i) + if (isalnum (((char *) wpmd->data) [i])) + wpc->file_extension [j++] = ((char *) wpmd->data) [i]; + + wpc->file_extension [j] = 0; } return TRUE;