diff options
author | Armin Kuster <akuster@mvista.com> | 2021-09-14 17:04:57 -0700 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-09-30 00:02:22 +0100 |
commit | 874fe76b00f7a8b31477417611df9929c21c1eaf (patch) | |
tree | 382f9504c7e8247b4f3455720e038db0f85fe454 /meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch | |
parent | eb3e28fa18a882982c6aaee9ac7a0090e746735d (diff) | |
download | poky-874fe76b00f7a8b31477417611df9929c21c1eaf.tar.gz |
libsndfile: Security fix for CVE-2021-3246
Source: https://github.com/libsndfile/libsndfile
MR: 112098
Type: Security Fix
Disposition: Backport from https://github.com/libsndfile/libsndfile/pull/713
ChangeID: 10d137de063b7a1e543ee96fbcf948945a452869
Description:
(From OE-Core rev: f999bac187a935821f8580f3c5b1d08107ba9851)
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch new file mode 100644 index 0000000000..6354f856cb --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_1.patch | |||
@@ -0,0 +1,36 @@ | |||
1 | From a9815b3f228df00086e0a40bcc43162fc19896a1 Mon Sep 17 00:00:00 2001 | ||
2 | From: bobsayshilol <bobsayshilol@live.co.uk> | ||
3 | Date: Wed, 17 Feb 2021 23:21:48 +0000 | ||
4 | Subject: [PATCH 1/2] wavlike: Fix incorrect size check | ||
5 | |||
6 | The SF_CART_INFO_16K struct has an additional 4 byte field to hold | ||
7 | the size of 'tag_text' which the file header doesn't, so don't | ||
8 | include it as part of the check when looking for the max length. | ||
9 | |||
10 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026 | ||
11 | |||
12 | Upstream-Status: Backport | ||
13 | CVE: CVE-2021-3246 patch 1 | ||
14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
15 | |||
16 | --- | ||
17 | src/wavlike.c | 6 +++++- | ||
18 | 1 file changed, 5 insertions(+), 1 deletion(-) | ||
19 | |||
20 | Index: libsndfile-1.0.28/src/wavlike.c | ||
21 | =================================================================== | ||
22 | --- libsndfile-1.0.28.orig/src/wavlike.c | ||
23 | +++ libsndfile-1.0.28/src/wavlike.c | ||
24 | @@ -803,7 +803,11 @@ wavlike_read_cart_chunk (SF_PRIVATE *psf | ||
25 | return 0 ; | ||
26 | } ; | ||
27 | |||
28 | - if (chunksize >= sizeof (SF_CART_INFO_16K)) | ||
29 | + /* | ||
30 | + ** SF_CART_INFO_16K has an extra field 'tag_text_size' that isn't part | ||
31 | + ** of the chunk, so don't include it in the size check. | ||
32 | + */ | ||
33 | + if (chunksize >= sizeof (SF_CART_INFO_16K) - 4) | ||
34 | { psf_log_printf (psf, "cart : %u too big to be handled\n", chunksize) ; | ||
35 | psf_binheader_readf (psf, "j", chunksize) ; | ||
36 | return 0 ; | ||