author | Changqing Li <changqing.li@windriver.com> | 2019-02-20 16:54:20 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2019-02-25 16:35:33 +0000 |
commit | ae9160e099e9b23f1b756020d78db46052a1dca6 (patch) | |
tree | 34e3b1b764d28e423447fda832557db5b7bad26e | |
parent | 1efe414a67de27ac2e045e0ed6209e33cdeb7ec0 (diff) | |
download | poky-ae9160e099e9b23f1b756020d78db46052a1dca6.tar.gz |
libsndfile1: Security fix CVE-2018-19432
(From OE-Core rev: 6f010c9b7777aae5ce2108122d0c6d3b1d630a21)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch | 115 | ||||
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 1 |
2 files changed, 116 insertions, 0 deletions
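--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19432.patch
@@ -0,0 +1,115 @@
+From 6f3266277bed16525f0ac2f0f03ff4626f1923e5 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Thu, 8 Mar 2018 18:00:21 +1100
+Subject: [PATCH] Fix max channel count bug
+
+The code was allowing files to be written with a channel count of exactly
+`SF_MAX_CHANNELS` but was failing to read some file formats with the same
+channel count.
+
+Upstream-Status: Backport [https://github.com/erikd/libsndfile/
+commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5]
+
+CVE: CVE-2018-19432
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+
+---
+src/aiff.c | 6 +++---
+src/rf64.c | 4 ++--
+src/w64.c | 4 ++--
+src/wav.c | 4 ++--
+4 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index fbd43cb..6386bce 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1,5 +1,5 @@
+/*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 2005 David Viens <davidv@plogue.com>
+**
+** This program is free software; you can redistribute it and/or modify
+@@ -950,7 +950,7 @@ aiff_read_header (SF_PRIVATE *psf, COMM_
+if (psf->sf.channels < 1)
+return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+return SFE_CHANNEL_COUNT ;
+
+if (! (found_chunk & HAVE_FORM))
+@@ -1030,7 +1030,7 @@ aiff_read_comm_chunk (SF_PRIVATE *psf, C
+psf_log_printf (psf, " Sample Rate : %d\n", samplerate) ;
+psf_log_printf (psf, " Frames : %u%s\n", comm_fmt->numSampleFrames, (comm_fmt->numSampleFrames == 0 && psf->filelength > 104) ? " (Should not be 0)" : "") ;
+
+- if (comm_fmt->numChannels < 1 || comm_fmt->numChannels >= SF_MAX_CHANNELS)
++ if (comm_fmt->numChannels < 1 || comm_fmt->numChannels > SF_MAX_CHANNELS)
+{ psf_log_printf (psf, " Channels : %d (should be >= 1 and < %d)\n", comm_fmt->numChannels, SF_MAX_CHANNELS) ;
+return SFE_CHANNEL_COUNT_BAD ;
+} ;
+diff --git a/src/rf64.c b/src/rf64.c
+index d57f0f3..876cd45 100644
+--- a/src/rf64.c
++++ b/src/rf64.c
+@@ -1,5 +1,5 @@
+/*
+-** Copyright (C) 2008-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 2008-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 2009 Uli Franke <cls@nebadje.org>
+**
+** This program is free software; you can redistribute it and/or modify
+@@ -382,7 +382,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
+if (psf->sf.channels < 1)
+return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+return SFE_CHANNEL_COUNT ;
+
+/* WAVs can be little or big endian */
+diff --git a/src/w64.c b/src/w64.c
+index 939b716..a37d2c5 100644
+--- a/src/w64.c
++++ b/src/w64.c
+@@ -1,5 +1,5 @@
+/*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+**
+** This program is free software; you can redistribute it and/or modify
+** it under the terms of the GNU Lesser General Public License as published by
+@@ -383,7 +383,7 @@ w64_read_header (SF_PRIVATE *psf, int *b
+if (psf->sf.channels < 1)
+return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+return SFE_CHANNEL_COUNT ;
+
+psf->endian = SF_ENDIAN_LITTLE ; /* All W64 files are little endian. */
+diff --git a/src/wav.c b/src/wav.c
+index 7bd97bc..dc97545 100644
+--- a/src/wav.c
++++ b/src/wav.c
+@@ -1,5 +1,5 @@
+/*
+-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
++** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
+**
+** This program is free software; you can redistribute it and/or modify
+@@ -627,7 +627,7 @@ wav_read_header (SF_PRIVATE *psf, int *b
+if (psf->sf.channels < 1)
+return SFE_CHANNEL_COUNT_ZERO ;
+
+- if (psf->sf.channels >= SF_MAX_CHANNELS)
++ if (psf->sf.channels > SF_MAX_CHANNELS)
+return SFE_CHANNEL_COUNT ;
+
+if (format != WAVE_FORMAT_PCM && (parsestage & HAVE_fact) == 0)
+--
+1.7.9.5
+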
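Review bot: The log message in the aiff_read_comm_chunk hunk (patch line 50) still prints `(should be >= 1 and < %d)` although the check directly above it now accepts a channel count equal to SF_MAX_CHANNELS; it should read `(should be >= 1 and <= %d)` so a rejected file is reported against the bound that is actually enforced. All four read-header checks move from `>=` to `>`, which widens by one the channel count accepted from an untrusted file header, so any per-channel array sized by SF_MAX_CHANNELS elsewhere in the library has to hold that many entries; this is not visible in these hunks and is worth confirming against the 1.0.28 tree the recipe builds. The patch header would also benefit from one sentence explaining how this boundary change addresses CVE-2018-19432, since the upstream subject only describes a write/read mismatch in the channel limit. The functions touched all begin and end outside the hunks shown.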
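--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -14,6 +14,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
 file://CVE-2017-14634.patch \
 file://CVE-2018-13139.patch \
 file://0001-a-ulaw-fix-multiple-buffer-overflows-432.patch \
+file://CVE-2018-19432.patch \
 "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"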