From a3d9d7b58b80fa8de7d197067675786e051114d3 Mon Sep 17 00:00:00 2001
From: Mark Spencer <markster@digium.com>
Date: Thu, 15 Apr 2004 16:02:42 +0000
Subject: [PATCH] Do proper bounds checking in formats (bug #1356)

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@2694 65c4cc65-6c06-0410-ace0-fbb531ad65f3
---
 formats/format_g729.c     | 3 ++-
 formats/format_gsm.c      | 3 ++-
 formats/format_pcm.c      | 3 ++-
 formats/format_pcm_alaw.c | 3 ++-
 formats/format_wav.c      | 3 ++-
 formats/format_wav_gsm.c  | 3 ++-
 6 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/formats/format_g729.c b/formats/format_g729.c
index 746c40b8a4..68dde216fd 100755
--- a/formats/format_g729.c
+++ b/formats/format_g729.c
@@ -183,8 +183,9 @@ static int g729_seek(struct ast_filestream *fs, long sample_offset, int whence)
 		offset = max - bytes;
 	if (whence != SEEK_FORCECUR) {
 		offset = (offset > max)?max:offset;
-		offset = (offset < min)?min:offset;
 	}
+	// protect against seeking beyond begining.
+	offset = (offset < min)?min:offset;
 	if (lseek(fs->fd, offset, SEEK_SET) < 0)
 		return -1;
 	return 0;
diff --git a/formats/format_gsm.c b/formats/format_gsm.c
index 4ac2b5a5dd..d58039e6d2 100755
--- a/formats/format_gsm.c
+++ b/formats/format_gsm.c
@@ -197,9 +197,10 @@ static int gsm_seek(struct ast_filestream *fs, long sample_offset, int whence)
 		offset = distance + cur;
 	else if(whence == SEEK_END)
 		offset = max - distance;
+	// Always protect against seeking past the begining.
+	offset = (offset < min)?min:offset;
 	if (whence != SEEK_FORCECUR) {
 		offset = (offset > max)?max:offset;
-		offset = (offset < min)?min:offset;
 	} else if (offset > max) {
 		int i;
 		lseek(fs->fd, 0, SEEK_END);
diff --git a/formats/format_pcm.c b/formats/format_pcm.c
index a175f40aeb..bc548992ba 100755
--- a/formats/format_pcm.c
+++ b/formats/format_pcm.c
@@ -172,8 +172,9 @@ static int pcm_seek(struct ast_filestream *fs, long sample_offset, int whence)
 		offset = max - sample_offset;
 	if (whence != SEEK_FORCECUR) {
 		offset = (offset > max)?max:offset;
-		offset = (offset < min)?min:offset;
 	}
+	// always protect against seeking past begining.
+	offset = (offset < min)?min:offset;
 	return lseek(fs->fd, offset, SEEK_SET);
 }
 
diff --git a/formats/format_pcm_alaw.c b/formats/format_pcm_alaw.c
index 62103068d5..db6b0c3d03 100755
--- a/formats/format_pcm_alaw.c
+++ b/formats/format_pcm_alaw.c
@@ -253,8 +253,9 @@ static int pcm_seek(struct ast_filestream *fs, long sample_offset, int whence)
 		offset = max - sample_offset;
 	if (whence != SEEK_FORCECUR) {
 		offset = (offset > max)?max:offset;
-		offset = (offset < min)?min:offset;
 	}
+	// Always protect against seeking past begining
+	offset = (offset < min)?min:offset;
 	return lseek(fs->fd, offset, SEEK_SET);
 }
 
diff --git a/formats/format_wav.c b/formats/format_wav.c
index dbca8ed50b..52f1508abd 100755
--- a/formats/format_wav.c
+++ b/formats/format_wav.c
@@ -525,8 +525,9 @@ static int wav_seek(struct ast_filestream *fs, long sample_offset, int whence)
 		offset = max - samples;
         if (whence != SEEK_FORCECUR) {
 		offset = (offset > max)?max:offset;
-		offset = (offset < min)?min:offset;
 	}
+	// always protect the header space.
+	offset = (offset < min)?min:offset;
 	return lseek(fs->fd,offset,SEEK_SET);
 }
 
diff --git a/formats/format_wav_gsm.c b/formats/format_wav_gsm.c
index 1d33caffb9..6c988bdb8e 100755
--- a/formats/format_wav_gsm.c
+++ b/formats/format_wav_gsm.c
@@ -493,8 +493,9 @@ static int wav_seek(struct ast_filestream *fs, long sample_offset, int whence)
 		offset = distance + cur;
 	else if(whence == SEEK_END)
 		offset = max - distance;
+	// always protect against seeking past end of header
+	offset = (offset < min)?min:offset;
 	if (whence != SEEK_FORCECUR) {
-		offset = (offset < min)?min:offset;
 		offset = (offset > max)?max:offset;
 	} else if (offset > max) {
 		int i;
-- 
GitLab