
About project

WavPack is a completely open audio compression format providing
lossless, high-quality lossy, and a unique hybrid compression
mode. Although the technology is loosely based on previous versions of
WavPack, the new version 4 format has been designed from the ground up
to offer unparalleled performance and functionality.

In the default lossless mode WavPack acts just like a WinZip
compressor for audio files. However, unlike MP3 or WMA encoding which
can affect the sound quality, not a single bit of the original
information is lost, so there's no chance of degradation. This makes
lossless mode ideal for archiving audio material or any other
situation where quality is paramount. The compression ratio depends on
the source material, but generally is between 30% and 70%.

The hybrid mode provides all the advantages of lossless compression
with an additional bonus. Instead of creating a single file, this mode
creates both a relatively small, high-quality lossy file that can be
used all by itself, and a "correction" file that (when combined with
the lossy file) provides full lossless restoration. For some users
this means never having to choose between lossless and lossy
compression!

Last commit

ilfat has added 4921ba3342
Security fixes for CVE-2020-35738

From 89df160596132e3bd666322e1c20b2ebd4b92cd0 Mon Sep 17 00:00:00 2001
From: David Bryant <david@wavpack.com>
Date: Tue, 29 Dec 2020 20:47:19 -0800
Subject: [PATCH] issue #91: fix integer overflows resulting in buffer overruns
 and sanitize a few more encoding parameters for clarity

---
 src/pack_utils.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/src/pack_utils.c b/src/pack_utils.c
index 17d93816..480ab902 100644
--- a/src/pack_utils.c
+++ b/src/pack_utils.c
@@ -200,8 +200,13 @@ int WavpackSetConfiguration64 (WavpackContext *wpc, WavpackConfig *config, int64
         return FALSE;
     }
 
-    if (!num_chans) {
-        strcpy (wpc->error_message, "channel count cannot be zero!");
+    if (num_chans <= 0 || num_chans > NEW_MAX_STREAMS * 2) {
+        strcpy (wpc->error_message, "invalid channel count!");
+        return FALSE;
+    }
+
+    if (config->block_samples && (config->block_samples < 16 || config->block_samples > 131072)) {
+        strcpy (wpc->error_message, "invalid custom block samples!");
         return FALSE;
     }
 
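Review bot: the limits in `config->block_samples < 16 || config->block_samples > 131072` are bare literals, and the channel ceiling `NEW_MAX_STREAMS * 2` carries no comment explaining why twice the stream count is the maximum. Named constants (or a one-line comment per check) would let a reader confirm that the largest accepted block_samples times the largest accepted num_chans is what the widened multiplications in WavpackPackInit are sized for. Since WavpackSetConfiguration64 now returns FALSE for negative channel counts and out-of-range block sizes that the old `!num_chans` test let through, the accepted ranges should also be stated in the API documentation, and the error strings could name the range so callers can tell which bound they hit.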
@@ -523,7 +528,7 @@ int WavpackPackInit (WavpackContext *wpc)
         if (wpc->config.num_channels == 1)
             wpc->block_samples *= 2;
 
-        while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 300000)
+        while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 300000)
             wpc->block_samples /= 2;
     }
     else {
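Review bot: only the comparison in the `while` condition is widened here; the `wpc->block_samples *= 2;` two lines above it still runs in the field's own width, so this branch depends on block_samples already being bounded before it is doubled. If that bound is the 131072 limit added in WavpackSetConfiguration64, a short comment saying so would make the dependency explicit. As a style point, `(int64_t) wpc->block_samples * wpc->config.num_channels` now appears three times in this function; a local or a small helper returning the 64-bit product would keep a later edit from dropping one of the casts.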
@@ -534,10 +539,10 @@ int WavpackPackInit (WavpackContext *wpc)
 
         wpc->block_samples = wpc->config.sample_rate / divisor;
 
-        while (wpc->block_samples > 12000 && wpc->block_samples * wpc->config.num_channels > 75000)
+        while (wpc->block_samples > 12000 && (int64_t) wpc->block_samples * wpc->config.num_channels > 75000)
             wpc->block_samples /= 2;
 
-        while (wpc->block_samples * wpc->config.num_channels < 20000)
+        while ((int64_t) wpc->block_samples * wpc->config.num_channels < 20000)
             wpc->block_samples *= 2;
     }