From 7dd0f121e4162cdcde5eb5846a82bd24f3455555 Mon Sep 17 00:00:00 2001
From: yannaingtun
Date: Tue, 4 Mar 2025 10:54:12 +0800
Subject: [PATCH] Fix security vulnerability: add bounds check for numCoefficients
When building with NDEBUG, asserts are eliminated, which could lead to buffer overflow via out-of-bounds access to m_msadpcmCoefficients. This adds explicit bounds checks that remain even when assertions are disabled. Similar to the fix for CVE-2018-13440 in the original AudioFile library.
---
 tools/audiofile/audiofile.cpp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/tools/audiofile/audiofile.cpp b/tools/audiofile/audiofile.cpp
index 163237b5..c2ba0f04 100644
--- a/tools/audiofile/audiofile.cpp
+++ b/tools/audiofile/audiofile.cpp
@@ -11183,7 +11183,11 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
 /* numCoefficients should be at least 7. */
 assert(numCoefficients >= 7 && numCoefficients <= 255);
-
+ if (numCoefficients < 7 || numCoefficients > 255)
+ {
+ _af_error(AF_BAD_HEADER, "Bad number of coefficients");
+ return AF_FAIL;
+ }
 m_msadpcmNumCoefficients = numCoefficients;
 for (int i=0; i
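Review bot: The `assert(numCoefficients >= 7 && numCoefficients <= 255);` line is kept directly above the new runtime check, so a build without NDEBUG still aborts the process on a malformed WAVE header instead of reaching `_af_error(AF_BAD_HEADER, ...)` and `return AF_FAIL;`. Because numCoefficients comes from file data rather than a programmer invariant, I would drop the assert and keep only the `if`, which also makes the error path testable in debug builds. The existing comment could then read `/* numCoefficients comes from the file: reject anything outside 7..255 before it is used as a loop bound. */`. The literal 255 presumably mirrors the declared size of m_msadpcmCoefficients, which is not visible in this hunk; if so, deriving the limit from the array size would keep the two from drifting apart. parseFormat starts and ends outside the hunk, and the loop that consumes m_msadpcmNumCoefficients is cut off in this view.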