diff options
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch | 34 |
1 files changed, 0 insertions, 34 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch deleted file mode 100644 index c3586f9dfc..0000000000 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch +++ /dev/null | |||
@@ -1,34 +0,0 @@ | |||
1 | There is a heap-based buffer over-read at wav.c in wav_write_header in | ||
2 | libsndfile 1.0.28 that will cause a denial of service. | ||
3 | |||
4 | CVE: CVE-2018-19758 | ||
5 | Upstream-Status: Backport [42132c543358cee9f7c3e9e9b15bb6c1063a608e] | ||
6 | Signed-off-by: Ross Burton <ross.burton@intel.com> | ||
7 | |||
8 | From c12173b0197dd0c5cfa2cd27977e982d2ae59486 Mon Sep 17 00:00:00 2001 | ||
9 | From: Erik de Castro Lopo <erikd@mega-nerd.com> | ||
10 | Date: Tue, 1 Jan 2019 20:11:46 +1100 | ||
11 | Subject: [PATCH] src/wav.c: Fix heap read overflow | ||
12 | |||
13 | This is CVE-2018-19758. | ||
14 | |||
15 | Closes: https://github.com/erikd/libsndfile/issues/435 | ||
16 | --- | ||
17 | src/wav.c | 2 ++ | ||
18 | 1 file changed, 2 insertions(+) | ||
19 | |||
20 | diff --git a/src/wav.c b/src/wav.c | ||
21 | index e8405b55..6fb94ae8 100644 | ||
22 | --- a/src/wav.c | ||
23 | +++ b/src/wav.c | ||
24 | @@ -1094,6 +1094,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length) | ||
25 | psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */ | ||
26 | psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ; | ||
27 | |||
28 | + /* Loop count is signed 16 bit number so we limit it range to something sensible. */ | ||
29 | + psf->instrument->loop_count &= 0x7fff ; | ||
30 | for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) | ||
31 | { int type ; | ||
32 | |||
33 | -- | ||
34 | 2.11.0 | ||