Control: tags 1131147 + patch Control: tags 1131147 + pending Control: tags 1134493 + patch Control: tags 1134493 + pending
Dear maintainer, I've prepared an NMU for kissfft (versioned as 131.1.0-4.1) and uploaded it to DELAYED/1. Please feel free to tell me if I should cancel it. cu Adrian
diffstat for kissfft-131.1.0 kissfft-131.1.0 changelog | 10 + patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch | 36 ++++ patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch | 82 ++++++++++ patches/series | 2 4 files changed, 130 insertions(+)
diff -Nru kissfft-131.1.0/debian/changelog kissfft-131.1.0/debian/changelog
--- kissfft-131.1.0/debian/changelog 2025-09-26 00:32:11.000000000 +0300
+++ kissfft-131.1.0/debian/changelog 2026-05-07 14:02:10.000000000 +0300
@@ -1,3 +1,13 @@
+kissfft (131.1.0-4.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-34297: Integer Overflow on 32-bit Systems
+ (Closes: #1131147)
+ * CVE-2026-41445: Integer Overflow in kiss_fftndr_alloc()
+ (Closes: #1134493)
+
+ -- Adrian Bunk <[email protected]> Thu, 07 May 2026 14:02:10 +0300
+
 kissfft (131.1.0-4) unstable; urgency=medium

 * Team upload.
diff -Nru kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch
--- kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch 1970-01-01 02:00:00.000000000 +0200
+++ kissfft-131.1.0/debian/patches/0001-check-for-overflow-on-32-bit-platform-closes-120.patch 2026-05-07 14:01:40.000000000 +0300
@@ -0,0 +1,36 @@
+From 9a13b3b7f8568ebdad4508447708ce6f509667ee Mon Sep 17 00:00:00 2001
+From: Mark Borgerding <[email protected]>
+Date: Wed, 26 Nov 2025 10:39:17 -0500
+Subject: check for overflow on 32 bit platform (closes #120)
+
+---
+ kiss_fft.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/kiss_fft.c b/kiss_fft.c
+index 58c24a0..aba63e0 100644
+--- a/kiss_fft.c
++++ b/kiss_fft.c
+@@ -6,7 +6,7 @@
+ * See COPYING file for more information.
+ */
+
+-
++#include <stdint.h>
+ #include "_kiss_fft_guts.h"
+ /* The guts header contains all the multiplication and addition macros that are defined for
+ fixed or floating point complex numbers. It also delares the kf_ internal functions.
+@@ -339,6 +339,10 @@ kiss_fft_cfg kiss_fft_alloc(int nfft,int inverse_fft,void * mem,size_t * lenmem
+ KISS_FFT_ALIGN_CHECK(mem)
+
+ kiss_fft_cfg st=NULL;
++ // check for overflow condition {memneeded > SIZE_MAX}.
++ if (nfft >= (SIZE_MAX - 2*sizeof(struct kiss_fft_state))/sizeof(kiss_fft_cpx))
++ return NULL;
++
+ size_t memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof(struct kiss_fft_state)
+ + sizeof(kiss_fft_cpx)*(nfft-1)); /* twiddle factors*/
+
+--
+2.47.3
+
diff -Nru kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
--- kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch 1970-01-01 02:00:00.000000000 +0200
+++ kissfft-131.1.0/debian/patches/0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch 2026-05-07 14:01:40.000000000 +0300
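Review bot: The early return added to kiss_fft_alloc in patch 0001 leaves `*lenmem` untouched, so a caller using the size-query form (mem NULL, lenmem non-NULL) cannot tell this rejection from an ordinary query and may carry on with a stale length. The kiss_fftndr_alloc patch in this same upload writes `(size_t)(-1)` in the equivalent case; doing the same here with `if (lenmem != NULL) *lenmem = (size_t)(-1);` before `return NULL;` would keep the two consistent, provided the callers (not visible here) test for that value before adding to it. The guard also depends on `nfft` being converted to size_t in the comparison, which is what makes negative values fail it, and that deserves a line in the comment, e.g. `/* nfft converts to size_t here, so negative values are rejected as well */`. The body of kiss_fft_alloc continues past the end of this hunk.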
@@ -0,0 +1,82 @@
+From 566bef407b555cc2a6a9b492f01676c8167b317e Mon Sep 17 00:00:00 2001
+From: Mark Borgerding <[email protected]>
+Date: Sat, 31 Jan 2026 16:06:10 -0500
+Subject: kiss_fftndr_alloc: check for overflow (and _perhaps_ let combined
+ dims > INT_MAX)
+
+---
+ kiss_fftndr.c | 28 ++++++++++++++++++++--------
+ 1 file changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/kiss_fftndr.c b/kiss_fftndr.c
+index e979d03..c1cd27b 100644
+--- a/kiss_fftndr.c
++++ b/kiss_fftndr.c
+@@ -13,15 +13,15 @@
+ struct kiss_fftndr_state
+ {
+ int dimReal;
+- int dimOther;
++ size_t dimOther;
+ kiss_fftr_cfg cfg_r;
+ kiss_fftnd_cfg cfg_nd;
+ void * tmpbuf;
+ };
+
+-static int prod(const int *dims, int ndims)
++static size_t prod(const int *dims, int ndims)
+ {
+- int x=1;
++ size_t x=1;
+ while (ndims--)
+ x *= *dims++;
+ return x;
+@@ -34,18 +34,30 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int ndims,int inverse_fft,void
+ kiss_fftndr_cfg st = NULL;
+ size_t nr=0 , nd=0,ntmp=0;
+ int dimReal = dims[ndims-1];
+- int dimOther = prod(dims,ndims-1);
++ size_t dimOther = prod(dims,ndims-1);
+ size_t memneeded;
+ char * ptr = NULL;
++ int k,check;
+
+ (void)kiss_fftr_alloc(dimReal,inverse_fft,NULL,&nr);
+ (void)kiss_fftnd_alloc(dims,ndims-1,inverse_fft,NULL,&nd);
+ ntmp =
+ MAX( 2*dimOther , dimReal+2) * sizeof(kiss_fft_scalar) // freq buffer for one pass
+- + dimOther*(dimReal+2) * sizeof(kiss_fft_scalar); // large enough to hold entire input in case of in-place
++ + dimOther*(size_t)(dimReal+2) * sizeof(kiss_fft_scalar); // large enough to hold entire input in case of in-place
+
+ memneeded = KISS_FFT_ALIGN_SIZE_UP(sizeof( struct kiss_fftndr_state )) + KISS_FFT_ALIGN_SIZE_UP(nr) + KISS_FFT_ALIGN_SIZE_UP(nd) + KISS_FFT_ALIGN_SIZE_UP(ntmp);
+
++ /* check for overflow */
++ check = memneeded;
++ for (k=0;k<ndims;++k) {
++ check /= dims[k];
++ if (check <= sizeof(kiss_fft_scalar)) {
++ if (lenmem!=NULL)
++ *lenmem = (size_t)(-1);
++ return NULL;
++ }
++ }
++
+ if (lenmem==NULL) {
+ ptr = (char*) malloc(memneeded);
+ }else{
+@@ -73,9 +85,9 @@ kiss_fftndr_cfg kiss_fftndr_alloc(const int *dims,int ndims,int inverse_fft,void
+
+ void kiss_fftndr(kiss_fftndr_cfg st,const kiss_fft_scalar *timedata,kiss_fft_cpx *freqdata)
+ {
+- int k1,k2;
+- int dimReal = st->dimReal;
+- int dimOther = st->dimOther;
++ size_t k1,k2;
++ size_t dimReal = (size_t)st->dimReal;
++ size_t dimOther = st->dimOther;
+ int nrbins = dimReal/2+1;
+
+ kiss_fft_cpx * tmp1 = (kiss_fft_cpx*)st->tmpbuf;
+--
+2.47.3
+
diff -Nru kissfft-131.1.0/debian/patches/series kissfft-131.1.0/debian/patches/series
--- kissfft-131.1.0/debian/patches/series 2025-09-26 00:32:11.000000000 +0300
+++ kissfft-131.1.0/debian/patches/series 2026-05-07 14:02:07.000000000 +0300
@@ -3,3 +3,5 @@
 0003-PR70.patch
 0004-libm.diff
 cmake_4.patch
+0001-check-for-overflow-on-32-bit-platform-closes-120.patch
+0002-kiss_fftndr_alloc-check-for-overflow-and-_perhaps_-l.patch
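Review bot: In the overflow check that patch 0002 adds to kiss_fftndr_alloc, `check` is declared `int` but receives the `size_t` memneeded, so where size_t is wider than int the upper bits are dropped before the divide-back test and its result no longer reflects whether the size arithmetic wrapped. The same loop runs `check /= dims[k]` on caller-supplied dimensions without rejecting zero or negative values, so a zero dimension now reaches a division by zero at this point in the function. The excerpt below makes `check` a size_t and rejects non-positive dimensions before dividing. Two further points on the same hunk: `(size_t)(dimReal+2)` casts after the int addition, so `(size_t)dimReal+2` would be needed to keep a dimReal near INT_MAX out of signed overflow, and the threshold `check <= sizeof(kiss_fft_scalar)` looks tight enough that a large but valid transform might be refused, which a regression test would settle. kiss_fftndr_alloc starts and ends outside the hunk.

```c
    int k;
    size_t check;   /* same width as memneeded, so no truncation */

    /* … unchanged: size queries, ntmp and memneeded computation … */

    /* check for overflow */
    check = memneeded;
    for (k=0;k<ndims;++k) {
        if (dims[k] <= 0) {
            /* zero or negative dimension: reject before dividing by it */
            if (lenmem!=NULL)
                *lenmem = (size_t)(-1);
            return NULL;
        }
        check /= (size_t)dims[k];
        /* … unchanged: check <= sizeof(kiss_fft_scalar) rejection … */
    }
```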

