diff options
| author | Tanu Kaskinen <tanuk@iki.fi> | 2015-12-12 04:23:12 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2015-12-16 12:12:15 +0000 |
| commit | 2e3a17291cad321a24eb2bef1084d4cc3944ccd4 (patch) | |
| tree | ec626dfb7c060cfe3788e6436fe2bc38894fca4b /meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch | |
| parent | df183525a5f84b8edea9e98df67052339d01040f (diff) | |
| download | poky-2e3a17291cad321a24eb2bef1084d4cc3944ccd4.tar.gz | |
libsndfile1: 1.0.25 -> 1.0.26
Main points from the release announcement:
* Fix for CVE-2014-9496, SD2 buffer read overflow.
* Fix for CVE-2014-9756, file_io.c divide by zero.
* Fix for CVE-2015-7805, AIFF heap write overflow.
* Add support for ALAC encoder in a CAF container.
* Add support for Cart chunks in WAV files.
* Minor bug fixes and improvements.
All patches we had are included in the new release.
Dropped PR from the recipe.
(From OE-Core rev: 5a4b8f7f643a4b95a7036eab02c7f74aa4077982)
Signed-off-by: Tanu Kaskinen <tanuk@iki.fi>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch')
| -rw-r--r-- | meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch b/meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch deleted file mode 100644 index fa6473d4f8..0000000000 --- a/meta/recipes-multimedia/libsndfile/files/0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch +++ /dev/null | |||
| @@ -1,49 +0,0 @@ | |||
| 1 | From dbe14f00030af5d3577f4cabbf9861db59e9c378 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Erik de Castro Lopo <erikd@mega-nerd.com> | ||
| 3 | Date: Thu, 25 Dec 2014 19:23:12 +1100 | ||
| 4 | Subject: [PATCH] src/sd2.c : Fix two potential buffer read overflows. | ||
| 5 | |||
| 6 | (Upstream commit dbe14f00030af5d3577f4cabbf9861db59e9c378) | ||
| 7 | |||
| 8 | Closes: https://github.com/erikd/libsndfile/issues/93 | ||
| 9 | |||
| 10 | Upstream-Status: Backport | ||
| 11 | |||
| 12 | Signed-off-by: Yue Tao <yue.tao@windriver.com> | ||
| 13 | --- | ||
| 14 | src/sd2.c | 12 +++++++++++- | ||
| 15 | 1 file changed, 11 insertions(+), 1 deletion(-) | ||
| 16 | |||
| 17 | diff --git a/src/sd2.c b/src/sd2.c | ||
| 18 | index 0b4e5af..a70a1f1 100644 | ||
| 19 | --- a/src/sd2.c | ||
| 20 | +++ b/src/sd2.c | ||
| 21 | @@ -517,6 +517,11 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf) | ||
| 22 | |||
| 23 | rsrc.type_offset = rsrc.map_offset + 30 ; | ||
| 24 | |||
| 25 | + if (rsrc.map_offset + 28 > rsrc.rsrc_len) | ||
| 26 | + { psf_log_printf (psf, "Bad map offset.\n") ; | ||
| 27 | + goto parse_rsrc_fork_cleanup ; | ||
| 28 | + } ; | ||
| 29 | + | ||
| 30 | rsrc.type_count = read_rsrc_short (&rsrc, rsrc.map_offset + 28) + 1 ; | ||
| 31 | if (rsrc.type_count < 1) | ||
| 32 | { psf_log_printf (psf, "Bad type count.\n") ; | ||
| 33 | @@ -533,7 +538,12 @@ sd2_parse_rsrc_fork (SF_PRIVATE *psf) | ||
| 34 | |||
| 35 | rsrc.str_index = -1 ; | ||
| 36 | for (k = 0 ; k < rsrc.type_count ; k ++) | ||
| 37 | - { marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ; | ||
| 38 | + { if (rsrc.type_offset + k * 8 > rsrc.rsrc_len) | ||
| 39 | + { psf_log_printf (psf, "Bad rsrc marker.\n") ; | ||
| 40 | + goto parse_rsrc_fork_cleanup ; | ||
| 41 | + } ; | ||
| 42 | + | ||
| 43 | + marker = read_rsrc_marker (&rsrc, rsrc.type_offset + k * 8) ; | ||
| 44 | |||
| 45 | if (marker == STR_MARKER) | ||
| 46 | { rsrc.str_index = k ; | ||
| 47 | -- | ||
| 48 | 1.7.9.5 | ||
| 49 | |||