1Backport patch to fix CVE-2020-23903. 2 3CVE: CVE-2020-23903 4Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84] 5 6Signed-off-by: Kai Kang <kai.kang@windriver.com> 7 8From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001 9From: Tristan Matthews <tmatth@videolan.org> 10Date: Mon, 13 Jul 2020 23:25:03 -0400 11Subject: [PATCH] wav_io: guard against invalid channel numbers 12 13Fixes #13 14--- 15 src/wav_io.c | 2 +- 16 1 file changed, 1 insertion(+), 1 deletion(-) 17 18diff --git a/src/wav_io.c b/src/wav_io.c 19index b5183015..09d62eb0 100644 20--- a/src/wav_io.c 21+++ b/src/wav_io.c 22@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32 23 stmp = le_short(stmp); 24 *channels = stmp; 25 26- if (stmp>2) 27+ if (stmp>2 || stmp<1) 28 { 29 fprintf (stderr, "Only mono and (intensity) stereo supported\n"); 30 return -1; 31