$NetBSD: patch-ae,v 1.7.2.2 2009/06/08 21:05:22 spz Exp $

Upstream fix for DoS vulnerability taken from here:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530831

--- src/sds.c.orig	2009-03-22 19:17:14.000000000 +0000
+++ src/sds.c	2009-06-08 10:03:02.000000000 +0100
@@ -219,21 +219,40 @@
 	if (marker != 0xF07E || byte != 0x01)
 		return SFE_SDS_NOT_SDS ;
 
-	psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel  : %d\n", channel) ;
+	bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
+	sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
 
-	bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
+	psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
+						" Midi Channel  : %d\n Sample Number : %d\n",
+						channel, sample_no) ;
+
+	bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
 
-	sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
 	samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
 
 	psds->bitwidth = bitwidth ;
 
-	psf->sf.samplerate = 1000000000 / samp_period ;
+	if (psds->bitwidth > 1)
+		psf_log_printf (psf, " Bit Width     : %d\n", psds->bitwidth) ;
+	else
+	{	psf_log_printf (psf, " Bit Width     : %d (should be > 1)\n", psds->bitwidth) ;
+		return SFE_SDS_BAD_BIT_WIDTH ;
+		} ;
+
+	if (samp_period > 0)
+	{	psf->sf.samplerate = 1000000000 / samp_period ;
 
-	psf_log_printf (psf, 	" Sample Number : %d\n"
-							" Bit Width     : %d\n"
+		psf_log_printf (psf, " Sample Period : %d\n"
 							" Sample Rate   : %d\n",
-			sample_no, psds->bitwidth, psf->sf.samplerate) ;
+							samp_period, psf->sf.samplerate) ;
+		}
+	else
+	{	psf->sf.samplerate = 16000 ;
+
+		psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
+							" Sample Rate   : %d (guessed)\n",
+							samp_period, psf->sf.samplerate) ;
+		} ;
 
 	bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
 
