mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-05 02:50:46 +00:00
Code Issues Projects Releases Wiki Activity

sox: patch CVE-2021-40426

Browse Source 
Use patch from Debian:
https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-40426.patch

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Peter Marko
2025-03-16 23:53:54 +01:00
committed by Khem Raj
parent 59085af7b2
commit 69bef92b56
2 changed files with 39 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-multimedia/recipes-multimedia/sox/sox/CVE-2021-40426.patch
+38
View File
@@ -0,0 +1,38 @@
From 25f686e0da423326a74fe16c603b6b6b75857fa4 Mon Sep 17 00:00:00 2001
From: Helmut Grohne <helmut@subdivi.de>
Date: Sun, 16 Mar 2025 20:07:19 +0100
Subject: [PATCH] sphere: avoid integer underflow
Source: https://salsa.debian.org/lts-team/packages/sox/-/blob/debian/14.4.2+git20190427-1+deb10u3/debian/patches/CVE-2021-40426.patch
CVE: CVE-2021-40426
Upstream-Status: Inactive-Upstream [lastrelease: 2015]
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
src/sphere.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/sphere.c b/src/sphere.c
index a3fd1c64..9544d160 100644
--- a/src/sphere.c
+++ b/src/sphere.c
@@ -63,7 +63,8 @@ static int start_read(sox_format_t * ft)
return (SOX_EOF);
}
- header_size -= (strlen(buf) + 1);
+ bytes_read = strlen(buf);
+ header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
while (strncmp(buf, "end_head", (size_t)8) != 0) {
if (strncmp(buf, "sample_n_bytes", (size_t)14) == 0)
@@ -105,7 +106,8 @@ static int start_read(sox_format_t * ft)
return (SOX_EOF);
}
- header_size -= (strlen(buf) + 1);
+ bytes_read = strlen(buf);
+ header_size -= bytes_read >= header_size ? header_size : bytes_read + 1;
}
if (!bytes_per_sample)
meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
+1
View File
@@ -32,6 +32,7 @@ SRC_URI = "git://git.code.sf.net/p/sox/code;protocol=https;branch=master \
file://CVE-2021-3643_CVE-2021-23210.patch \
file://CVE-2021-23159_CVE-2021-2317.patch \
file://CVE-2021-33844.patch \
file://CVE-2021-40426.patch \
"
# last release was in 2015, use latest hash from 2024-05-30