mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-05 02:50:46 +00:00
sox: patch CVE-2022-31650
Use patch from Debian: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2022-31650.patch Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Peter Marko
Khem Raj
@@ -0,0 +1,60 @@
|
||||
From 3a8e783c58499bb52052c671b9161c43e011a508 Mon Sep 17 00:00:00 2001
|
||||
From: Helmut Grohne <helmut@subdivi.de>
|
||||
Date: Sun, 16 Mar 2025 20:08:04 +0100
|
||||
Subject: [PATCH] formats+aiff: reject implausibly large number of channels
|
||||
|
||||
Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2022-31650.patch
|
||||
|
||||
CVE: CVE-2022-31650
|
||||
Upstream-Status: Inactive-Upstream [lastrelease: 2015]
|
||||
Signed-off-by: Peter Marko <peter.marko@siemens.com>
|
||||
---
|
||||
src/aiff.c | 5 +++++
|
||||
src/formats_i.c | 10 ++++++++--
|
||||
2 files changed, 13 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/aiff.c b/src/aiff.c
|
||||
index 3a152c58..6de94f32 100644
|
||||
--- a/src/aiff.c
|
||||
+++ b/src/aiff.c
|
||||
@@ -619,6 +619,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
|
||||
At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
|
||||
Sorry, the AIFF format does not provide for an indefinite
|
||||
number of samples. */
|
||||
+ if (ft->signal.channels >= (0x7f000000 / (ft->encoding.bits_per_sample >> 3)))
|
||||
+ {
|
||||
+ lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF header");
|
||||
+ return SOX_EOF;
|
||||
+ }
|
||||
return(aiffwriteheader(ft, (uint64_t) 0x7f000000 / ((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
|
||||
}
|
||||
|
||||
diff --git a/src/formats_i.c b/src/formats_i.c
|
||||
index 7048040d..6a7c27e3 100644
|
||||
--- a/src/formats_i.c
|
||||
+++ b/src/formats_i.c
|
||||
@@ -19,6 +19,7 @@
|
||||
*/
|
||||
|
||||
#include "sox_i.h"
|
||||
+#include <limits.h>
|
||||
#include <string.h>
|
||||
#include <sys/stat.h>
|
||||
#include <stdarg.h>
|
||||
@@ -60,9 +61,14 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
|
||||
if (ft->seekable)
|
||||
ft->data_start = lsx_tell(ft);
|
||||
|
||||
- if (channels && ft->signal.channels && ft->signal.channels != channels)
|
||||
+ if (channels && ft->signal.channels && ft->signal.channels != channels) {
|
||||
lsx_warn("`%s': overriding number of channels", ft->filename);
|
||||
- else ft->signal.channels = channels;
|
||||
+ } else if (channels > SHRT_MAX) {
|
||||
+ lsx_fail_errno(ft, EINVAL, "implausibly large number of channels");
|
||||
+ return SOX_EOF;
|
||||
+ } else {
|
||||
+ ft->signal.channels = channels;
|
||||
+ }
|
||||
|
||||
if (rate && ft->signal.rate && ft->signal.rate != rate)
|
||||
lsx_warn("`%s': overriding sample rate", ft->filename);
|
||||
@@ -33,6 +33,7 @@ SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \
|
||||
file://CVE-2021-23159_CVE-2021-2317.patch \
|
||||
file://CVE-2021-33844.patch \
|
||||
file://CVE-2021-40426.patch \
|
||||
file://CVE-2022-31650.patch \
|
||||
"
|
||||
|
||||
# last release was in 2015, use latest hash from 2024-05-30
|
||||
|
||||
Reference in New Issue
Block a user