$OpenBSD: patch-src_sds_c,v 1.1 2009/05/31 17:31:13 jasper Exp $

Security fix for SA35266.

--- src/sds.c.orig	Sun Mar 22 13:17:14 2009
+++ src/sds.c	Sun May 31 10:21:16 2009
@@ -219,21 +219,40 @@ sds_read_header (SF_PRIVATE *psf, SDS_PRIVATE *psds)
 	if (marker != 0xF07E || byte != 0x01)
 		return SFE_SDS_NOT_SDS ;
 
-	psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n Midi Channel  : %d\n", channel) ;
+	bytesread += psf_binheader_readf (psf, "e2", &sample_no) ;
+	sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
 
-	bytesread += psf_binheader_readf (psf, "e213", &sample_no, &bitwidth, &samp_period) ;
+	psf_log_printf (psf, "Midi Sample Dump Standard (.sds)\nF07E\n"
+						" Midi Channel  : %d\n Sample Number : %d\n",
+						channel, sample_no) ;
 
-	sample_no = SDS_3BYTE_TO_INT_DECODE (sample_no) ;
+	bytesread += psf_binheader_readf (psf, "e13", &bitwidth, &samp_period) ;
+
 	samp_period = SDS_3BYTE_TO_INT_DECODE (samp_period) ;
 
 	psds->bitwidth = bitwidth ;
 
-	psf->sf.samplerate = 1000000000 / samp_period ;
+	if (psds->bitwidth > 1)
+		psf_log_printf (psf, " Bit Width     : %d\n", psds->bitwidth) ;
+	else
+	{	psf_log_printf (psf, " Bit Width     : %d (should be > 1)\n", psds->bitwidth) ;
+		return SFE_SDS_BAD_BIT_WIDTH ;
+		} ;
 
-	psf_log_printf (psf, 	" Sample Number : %d\n"
-							" Bit Width     : %d\n"
+	if (samp_period > 0)
+	{	psf->sf.samplerate = 1000000000 / samp_period ;
+
+		psf_log_printf (psf, " Sample Period : %d\n"
 							" Sample Rate   : %d\n",
-			sample_no, psds->bitwidth, psf->sf.samplerate) ;
+							samp_period, psf->sf.samplerate) ;
+		}
+	else
+	{	psf->sf.samplerate = 16000 ;
+
+		psf_log_printf (psf, " Sample Period : %d (should be > 0)\n"
+							" Sample Rate   : %d (guessed)\n",
+							samp_period, psf->sf.samplerate) ;
+		} ;
 
 	bytesread += psf_binheader_readf (psf, "e3331", &data_length, &sustain_loop_start, &sustain_loop_end, &loop_type) ;
 
