libsndfile1: CVE-2017-14634

double64_init: Check psf->sf.channels against upper bound This prevents division by zero later in the code. While the trivial case to catch this (i.e. sf.channels < 1) has already been covered, a crafted file may report a number of channels that is so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets miscalculated to zero (if this makes sense) in the determination of the blockwidth. Since we only support a limited number of channels anyway, make sure to check here as well. CVE-2017-14634 Closes: #318 Affects libsndfile1 = 1.0.28 (From OE-Core rev: eee93149a49274dc3deed7d89754ee4bda240575) Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> 2018-08-22 17:30:30 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2018-08-23 07:50:01 +0100
commit: 2128c21a0cffea13c36f0c4453213e005cfb0a60 (patch)
tree: f2afd71d522387eadfccdfdcb016814b232ba18c /meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
parent: ae3da5fa84b4779b4596eb1f53d6eb64780d4e38 (diff)
download: poky-2128c21a0cffea13c36f0c4453213e005cfb0a60.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index c6f2a460b2..ed43b7494e 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
           file://CVE-2017-8362.patch \
           file://CVE-2017-8363.patch \
           file://CVE-2017-14245-14246.patch \
+           file://CVE-2017-14634.patch \
          "
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
author	Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>	2018-08-22 17:30:30 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2018-08-23 07:50:01 +0100
commit	2128c21a0cffea13c36f0c4453213e005cfb0a60 (patch)
tree	f2afd71d522387eadfccdfdcb016814b232ba18c /meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
parent	ae3da5fa84b4779b4596eb1f53d6eb64780d4e38 (diff)
download	poky-2128c21a0cffea13c36f0c4453213e005cfb0a60.tar.gz

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index c6f2a460b2..ed43b7494e 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -11,6 +11,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
11	file://CVE-2017-8362.patch \	11	file://CVE-2017-8362.patch \
12	file://CVE-2017-8363.patch \	12	file://CVE-2017-8363.patch \
13	file://CVE-2017-14245-14246.patch \	13	file://CVE-2017-14245-14246.patch \
		14	file://CVE-2017-14634.patch \
14	"	15	"
15		16
16	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"	17	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"