summaryrefslogtreecommitdiffstats
path: root/meta/recipes-multimedia/libsndfile
diff options
context:
space:
mode:
authorMaxin B. John <maxin.john@intel.com>2015-11-05 17:56:09 +0200
committerRichard Purdie <richard.purdie@linuxfoundation.org>2015-11-25 07:50:33 +0000
commit6c3f68039d104e23f1267dedfec4aad3fb9fb3ae (patch)
tree2379de6728a43a53e8b8ddb0ab2d3672cd991304 /meta/recipes-multimedia/libsndfile
parentaa07eb161c229eef6b8852203103c18766e2e369 (diff)
downloadpoky-6c3f68039d104e23f1267dedfec4aad3fb9fb3ae.tar.gz
libsndfile: fix CVE-2014-9756
Fix divide by zero bug (CVE-2014-9756) (From OE-Core rev: f47cf07ab9d00ed7eddc8e867138481f7bd2bb7d) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile')
-rw-r--r--meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch24
-rw-r--r--meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb1
2 files changed, 25 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch b/meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch
new file mode 100644
index 0000000000..b54b3ba669
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/files/libsndfile-fix-CVE-2014-9756.patch
@@ -0,0 +1,24 @@
1src/file_io.c : Prevent potential divide-by-zero.
2
3Closes: https://github.com/erikd/libsndfile/issues/92
4
5Upstream-Status: Backport
6
7Fixes CVE-2014-9756
8
9Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
10Signed-off-by: Maxin B. John <maxin.john@intel.com>
11---
12diff -Naur libsndfile-1.0.25-orig/src/file_io.c libsndfile-1.0.25/src/file_io.c
13--- libsndfile-1.0.25-orig/src/file_io.c 2011-01-19 12:12:28.000000000 +0200
14+++ libsndfile-1.0.25/src/file_io.c 2015-11-04 15:02:04.337395618 +0200
15@@ -358,6 +358,9 @@
16 { sf_count_t total = 0 ;
17 ssize_t count ;
18
19+ if (bytes == 0 || items == 0)
20+ return 0 ;
21+
22 if (psf->virtual_io)
23 return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
24
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
index 3e02f4ea78..be875c227b 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.25.bb
@@ -9,6 +9,7 @@ PR = "r2"
9SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \ 9SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
10 file://0001-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch \ 10 file://0001-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch \
11 file://0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch \ 11 file://0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch \
12 file://libsndfile-fix-CVE-2014-9756.patch \
12" 13"
13 14
14SRC_URI[md5sum] = "e2b7bb637e01022c7d20f95f9c3990a2" 15SRC_URI[md5sum] = "e2b7bb637e01022c7d20f95f9c3990a2"