1 files changed, 42 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 0000000000..9c9e688d43
--- /dev/null
+++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,42 @@
+From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Tue, 31 Oct 2017 18:32:46 +0100
+Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
+Otherwise
+ for(i=0;i<vi->channels;i++){
+      /* the encoder setup assumes that all the modes used by any
+         specific bitrate tweaking use the same floor */
+      int submap=info->chmuxlist[i];
+overreads later in mapping0_forward since chmuxlist is a fixed array of
+256 elements max.
+Upstream-Status: Backport
+CVE: CVE-2017-14633
+Reference to upstream patch:
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
+Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
+---
+ lib/info.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/lib/info.c b/lib/info.c
+index e447a0c..81b7557 100644
+--- a/lib/info.c
+++ b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
+  if(!b||vi->channels<=0||vi->channels>256){
+     ret=OV_EFAULT;
+     goto err_out;
+   }
+-- 
+2.16.2

diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch new file mode 100644 index 0000000000..9c9e688d43 --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,42 @@
	1	From 07eda55f336e5c44dfc0e4a1e21628faed7255fa Mon Sep 17 00:00:00 2001
	2	From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
	3	Date: Tue, 31 Oct 2017 18:32:46 +0100
	4	Subject: [PATCH] CVE-2017-14633: Don't allow for more than 256 channels
	5
	6	Otherwise
	7
	8	for(i=0;i<vi->channels;i++){
	9	/* the encoder setup assumes that all the modes used by any
	10	specific bitrate tweaking use the same floor */
	11	int submap=info->chmuxlist[i];
	12
	13	overreads later in mapping0_forward since chmuxlist is a fixed array of
	14	256 elements max.
	15
	16	Upstream-Status: Backport
	17	CVE: CVE-2017-14633
	18
	19	Reference to upstream patch:
	20	https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
	21
	22	Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
	23	---
	24	lib/info.c \| 2 +-
	25	1 file changed, 1 insertion(+), 1 deletion(-)
	26
	27	diff --git a/lib/info.c b/lib/info.c
	28	index e447a0c..81b7557 100644
	29	--- a/lib/info.c
	30	+++ b/lib/info.c
	31	@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v,
	32	oggpack_buffer opb;
	33	private_state *b=v->backend_state;
	34
	35	- if(!b\|\|vi->channels<=0){
	36	+ if(!b\|\|vi->channels<=0\|\|vi->channels>256){
	37	ret=OV_EFAULT;
	38	goto err_out;
	39	}
	40	--
	41	2.16.2
	42