mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
vlc: patch CVE-2024-46461
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-46461 Backport the patch mentioned in the news[1] that fixes this vulnerabililty. https://code.videolan.org/videolan/vlc/-/blob/3.0.21/NEWS?ref_type=tags#L44 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
@@ -0,0 +1,44 @@
|
|||||||
|
From aafb226321a525169fd68bf4708e7c6f15e4307a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Thomas Guillem <thomas@gllm.fr>
|
||||||
|
Date: Tue, 9 Jan 2024 06:58:39 +0100
|
||||||
|
Subject: [PATCH] mms: fix potential integer overflow
|
||||||
|
|
||||||
|
That could lead to a heap buffer overflow.
|
||||||
|
|
||||||
|
Thanks Andreas Fobian for the security report.
|
||||||
|
|
||||||
|
(cherry picked from commit 467b24dd0f9b0b3d8ba11dd813b393892f7f1ed2)
|
||||||
|
Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org>
|
||||||
|
|
||||||
|
CVE: CVE-2024-46461
|
||||||
|
Upstream-Status: Backport [https://code.videolan.org/videolan/vlc/-/commit/e7f98f3632d793c3921bfe72595721af191e670e]
|
||||||
|
(cherry picked from commit e7f98f3632d793c3921bfe72595721af191e670e)
|
||||||
|
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
|
||||||
|
---
|
||||||
|
modules/access/mms/mmstu.c | 8 +++++---
|
||||||
|
1 file changed, 5 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/modules/access/mms/mmstu.c b/modules/access/mms/mmstu.c
|
||||||
|
index f795b0bd43..f10e38cd43 100644
|
||||||
|
--- a/modules/access/mms/mmstu.c
|
||||||
|
+++ b/modules/access/mms/mmstu.c
|
||||||
|
@@ -1316,14 +1316,16 @@ static int mms_ParsePacket( stream_t *p_access,
|
||||||
|
|
||||||
|
if( i_packet_id == p_sys->i_header_packet_id_type )
|
||||||
|
{
|
||||||
|
- uint8_t *p_reaced = realloc( p_sys->p_header,
|
||||||
|
- p_sys->i_header + i_packet_length - 8 );
|
||||||
|
+ size_t new_header_size;
|
||||||
|
+ if( add_overflow( p_sys->i_header, i_packet_length, &new_header_size ) )
|
||||||
|
+ return -1;
|
||||||
|
+ uint8_t *p_reaced = realloc( p_sys->p_header, new_header_size );
|
||||||
|
if( !p_reaced )
|
||||||
|
return VLC_ENOMEM;
|
||||||
|
|
||||||
|
memcpy( &p_reaced[p_sys->i_header], p_data + 8, i_packet_length - 8 );
|
||||||
|
p_sys->p_header = p_reaced;
|
||||||
|
- p_sys->i_header += i_packet_length - 8;
|
||||||
|
+ p_sys->i_header = new_header_size;
|
||||||
|
|
||||||
|
/* msg_Dbg( p_access,
|
||||||
|
"receive header packet (%d bytes)",
|
||||||
@@ -25,6 +25,7 @@ SRC_URI = "https://get.videolan.org/${BPN}/${PV}/${BP}.tar.xz \
|
|||||||
file://0006-configure-Disable-incompatible-function-pointer-type.patch \
|
file://0006-configure-Disable-incompatible-function-pointer-type.patch \
|
||||||
file://taglib-2.patch \
|
file://taglib-2.patch \
|
||||||
file://0001-taglib-Fix-build-on-x86-32-bit.patch \
|
file://0001-taglib-Fix-build-on-x86-32-bit.patch \
|
||||||
|
file://CVE-2024-46461.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[sha256sum] = "adc7285b4d2721cddf40eb5270cada2aaa10a334cb546fd55a06353447ba29b5"
|
SRC_URI[sha256sum] = "adc7285b4d2721cddf40eb5270cada2aaa10a334cb546fd55a06353447ba29b5"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user