mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
sox: patch CVE-2019-8354
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-8354 Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2019-8354 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
@@ -0,0 +1,29 @@
|
|||||||
|
From 5066f093b08b4033f59ea6d99001f059e919239b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Mans Rullgard <mans@mansr.com>
|
||||||
|
Date: Wed, 24 Apr 2019 14:57:34 +0100
|
||||||
|
Subject: [PATCH] fix possible buffer size overflow in lsx_make_lpf()
|
||||||
|
(CVE-2019-8354)
|
||||||
|
|
||||||
|
The multiplication in the size argument malloc() might overflow,
|
||||||
|
resulting in a small buffer being allocated. Use calloc() instead.
|
||||||
|
|
||||||
|
CVE: CVE-2019-8354
|
||||||
|
Upstream-Status: Backport [https://github.com/mansr/sox/commit/f70911261a84333b077c29908e1242f69d7439eb]
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
src/effects_i_dsp.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/effects_i_dsp.c b/src/effects_i_dsp.c
|
||||||
|
index a979b50..e32dfa0 100644
|
||||||
|
--- a/src/effects_i_dsp.c
|
||||||
|
+++ b/src/effects_i_dsp.c
|
||||||
|
@@ -357,7 +357,7 @@ double * lsx_make_lpf(int num_taps, double Fc, double beta, double rho,
|
||||||
|
double scale, sox_bool dc_norm)
|
||||||
|
{
|
||||||
|
int i, m = num_taps - 1;
|
||||||
|
- double * h = malloc(num_taps * sizeof(*h)), sum = 0;
|
||||||
|
+ double * h = calloc(num_taps, sizeof(*h)), sum = 0;
|
||||||
|
double mult = scale / lsx_bessel_I_0(beta), mult1 = 1 / (.5 * m + rho);
|
||||||
|
assert(Fc >= 0 && Fc <= 1);
|
||||||
|
lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale);
|
||||||
@@ -39,6 +39,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \
|
|||||||
file://CVE-2017-15642.patch \
|
file://CVE-2017-15642.patch \
|
||||||
file://CVE-2017-18189.patch \
|
file://CVE-2017-18189.patch \
|
||||||
file://CVE-2019-13590.patch \
|
file://CVE-2019-13590.patch \
|
||||||
|
file://CVE-2019-8354.patch \
|
||||||
"
|
"
|
||||||
SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33"
|
SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33"
|
||||||
SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
|
SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
|
||||||
|
|||||||
Reference in New Issue
Block a user