diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-10-16 11:32:39 +0200 |
|---|---|---|
| committer | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-10-17 10:51:27 +0200 |
| commit | a84d3730851c391aa7fdb02eadd129395ca54060 (patch) | |
| tree | 2d308a88d34aa63cbb34a369a88fc2153c87a320 | |
| parent | 3396d38876d0d344a190bc057995b91868077444 (diff) | |
| download | meta-openembedded-a84d3730851c391aa7fdb02eadd129395ca54060.tar.gz | |
faad2: patch CVE-2021-32272
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32272
Pick the patch that is mentioned in the ncv report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
| -rw-r--r-- | meta-oe/recipes-multimedia/faad2/faad2/0001-fix-heap-buffer-overflow-in-mp4read.c.patch | 37 | ||||
| -rw-r--r-- | meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb | 4 |
2 files changed, 40 insertions, 1 deletions
diff --git a/meta-oe/recipes-multimedia/faad2/faad2/0001-fix-heap-buffer-overflow-in-mp4read.c.patch b/meta-oe/recipes-multimedia/faad2/faad2/0001-fix-heap-buffer-overflow-in-mp4read.c.patch new file mode 100644 index 0000000000..c739e82fb0 --- /dev/null +++ b/meta-oe/recipes-multimedia/faad2/faad2/0001-fix-heap-buffer-overflow-in-mp4read.c.patch | |||
| @@ -0,0 +1,37 @@ | |||
| 1 | From 57850acf9d40fc2898ded492b9ce942110d0c426 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Fabian Greffrath <fabian@greffrath.com> | ||
| 3 | Date: Mon, 31 Aug 2020 10:00:37 +0200 | ||
| 4 | Subject: [PATCH] fix heap-buffer-overflow in mp4read.c | ||
| 5 | |||
| 6 | This originated from an integer overflow: If mp4config.frame.ents | ||
| 7 | would be read-in with a value of (uint32t)(-1), it would overflow to 0 | ||
| 8 | in the size calculation for the allocation in the next line. The | ||
| 9 | malloc() function would then successfully return a pointer to a memory | ||
| 10 | region of size 0, which will cause a segfault when written to. | ||
| 11 | |||
| 12 | Fixes #57. | ||
| 13 | |||
| 14 | CVE: CVE-2021-32272 | ||
| 15 | Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24] | ||
| 16 | |||
| 17 | Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> | ||
| 18 | --- | ||
| 19 | frontend/mp4read.c | 5 ++++- | ||
| 20 | 1 file changed, 4 insertions(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/frontend/mp4read.c b/frontend/mp4read.c | ||
| 23 | index 9767383..5dc36b7 100644 | ||
| 24 | --- a/frontend/mp4read.c | ||
| 25 | +++ b/frontend/mp4read.c | ||
| 26 | @@ -340,7 +340,10 @@ static int stszin(int size) | ||
| 27 | // Number of entries | ||
| 28 | mp4config.frame.ents = u32in(); | ||
| 29 | // fixme error checking | ||
| 30 | - // fixme: check atom size | ||
| 31 | + | ||
| 32 | + if (!(mp4config.frame.ents + 1)) | ||
| 33 | + return ERR_FAIL; | ||
| 34 | + | ||
| 35 | mp4config.frame.data = malloc(sizeof(*mp4config.frame.data) | ||
| 36 | * (mp4config.frame.ents + 1)); | ||
| 37 | ofs = 0; | ||
diff --git a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb index 56d5e1201e..d70c18f43d 100644 --- a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb +++ b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb | |||
| @@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=381c8cbe277a7bc1ee2ae6083a04c958" | |||
| 7 | 7 | ||
| 8 | LICENSE_FLAGS = "commercial" | 8 | LICENSE_FLAGS = "commercial" |
| 9 | 9 | ||
| 10 | SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz" | 10 | SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \ |
| 11 | file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \ | ||
| 12 | " | ||
| 11 | SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f" | 13 | SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f" |
| 12 | SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d" | 14 | SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d" |
| 13 | 15 | ||