authorPeter Marko <peter.marko@siemens.com>2024-12-27 11:56:11 +0100
committerKhem Raj <raj.khem@gmail.com>2024-12-27 09:21:44 -0800
commit634cbcb91c3ab7154e0cda707663a1e4aa500f4a (patch)
treebbfe255d7768ffbc64125089f0e86aaa86e41b41
parent74cda1df0ead2515e8454f1054708132575ae1e3 (diff)
downloadmeta-openembedded-634cbcb91c3ab7154e0cda707663a1e4aa500f4a.tar.gz
audiofile: fix multiple CVEs
CVE-2017-6827 / CVE-2017-6828 / CVE-2017-6832 / CVE-2017-6833 / CVE-2017-6835 / CVE-2017-6837 Use patch from buildroot: https://github.com/buildroot/buildroot/commit/cc00bde57fc20d11f8fa4e8ec5f193c091714c55 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
-rw-r--r--meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb1
-rw-r--r--meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch45
2 files changed, 46 insertions, 0 deletions
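--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -13,6 +13,7 @@ SRC_URI = " \
  file://0001-fix-negative-shift-constants.patch \
  file://0002-fix-build-on-gcc6.patch \
  file://0003-fix-CVE-2015-7747.patch \
+ file://0004-Always-check-the-number-of-coefficients.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"
 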
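--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/0004-Always-check-the-number-of-coefficients.patch
@@ -0,0 +1,45 @@
+From c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0 Mon Sep 17 00:00:00 2001
+From: Antonio Larrosa <larrosa@kde.org>
+Date: Mon, 6 Mar 2017 12:51:22 +0100
+Subject: [PATCH] Always check the number of coefficients
+
+When building the library with NDEBUG, asserts are eliminated
+so it's better to always check that the number of coefficients
+is inside the array range.
+
+This fixes the 00191-audiofile-indexoob issue in #41
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+
+CVE: CVE-2017-6827
+CVE: CVE-2017-6828
+CVE: CVE-2017-6832
+CVE: CVE-2017-6833
+CVE: CVE-2017-6835
+CVE: CVE-2017-6837
+Upstream-Status: Inactive-Upstream [lastrelease: 2013]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ libaudiofile/WAVE.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0e81cf7..61f9541 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -281,6 +281,12 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+
+ /* numCoefficients should be at least 7. */
+ assert(numCoefficients >= 7 && numCoefficients <= 255);
++ if (numCoefficients < 7 || numCoefficients > 255)
++ {
++ _af_error(AF_BAD_HEADER,
++ "Bad number of coefficients");
++ return AF_FAIL;
++ }
+
+ m_msadpcmNumCoefficients = numCoefficients;
+
+--
+2.11.0
+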
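Review bot: The `assert(numCoefficients >= 7 && numCoefficients <= 255);` kept directly above the new range check in WAVEFile::parseFormat still fires first in any build without NDEBUG, so an out-of-range coefficient count aborts the process there instead of reaching `return AF_FAIL;`. The value is presumably read from the WAVE header (the error code is AF_BAD_HEADER), so the runtime check should be the only guard: drop the assert, or move the `if` block above it. The array that the 255 limit protects and the declared type of numCoefficients are outside the hunk, so confirm against those declarations that 255 is the real bound. parseFormat's body starts and ends outside the hunk.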