diff options
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch')
| -rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch new file mode 100644 index 0000000000..d6b03d7d4d --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-3246_2.patch | |||
| @@ -0,0 +1,44 @@ | |||
| 1 | From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: bobsayshilol <bobsayshilol@live.co.uk> | ||
| 3 | Date: Thu, 18 Feb 2021 21:52:09 +0000 | ||
| 4 | Subject: [PATCH 2/2] ms_adpcm: Fix and extend size checks | ||
| 5 | |||
| 6 | 'blockalign' is the size of a block, and each block contains 7 samples | ||
| 7 | per channel as part of the preamble, so check against 'samplesperblock' | ||
| 8 | rather than 'blockalign'. Also add an additional check that the block | ||
| 9 | is big enough to hold the samples it claims to hold. | ||
| 10 | |||
| 11 | https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803 | ||
| 12 | |||
| 13 | Upstream-Status: Backport | ||
| 14 | CVE: CVE-2021-3246 patch 2 | ||
| 15 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
| 16 | |||
| 17 | --- | ||
| 18 | src/ms_adpcm.c | 10 ++++++++-- | ||
| 19 | 1 file changed, 8 insertions(+), 2 deletions(-) | ||
| 20 | |||
| 21 | diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c | ||
| 22 | index 5e8f1a31..a21cb994 100644 | ||
| 23 | --- a/src/ms_adpcm.c | ||
| 24 | +++ b/src/ms_adpcm.c | ||
| 25 | @@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock) | ||
| 26 | if (psf->file.mode == SFM_WRITE) | ||
| 27 | samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ; | ||
| 28 | |||
| 29 | - if (blockalign < 7 * psf->sf.channels) | ||
| 30 | - { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ; | ||
| 31 | + /* There's 7 samples per channel in the preamble of each block */ | ||
| 32 | + if (samplesperblock < 7 * psf->sf.channels) | ||
| 33 | + { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ; | ||
| 34 | + return SFE_INTERNAL ; | ||
| 35 | + } ; | ||
| 36 | + | ||
| 37 | + if (2 * blockalign < samplesperblock * psf->sf.channels) | ||
| 38 | + { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ; | ||
| 39 | return SFE_INTERNAL ; | ||
| 40 | } ; | ||
| 41 | |||
| 42 | -- | ||
| 43 | 2.25.1 | ||
| 44 | |||