faad2: patch CVE-2021-32272

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32272

Pick the patch that is mentioned in the ncv report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
2025-10-16 11:32:39 +02:00
parent 3396d38876
commit a84d373085
2 changed files with 40 additions and 1 deletions
@@ -0,0 +1,37 @@
From 57850acf9d40fc2898ded492b9ce942110d0c426 Mon Sep 17 00:00:00 2001
From: Fabian Greffrath <fabian@greffrath.com>
Date: Mon, 31 Aug 2020 10:00:37 +0200
Subject: [PATCH] fix heap-buffer-overflow in mp4read.c
This originated from an integer overflow: If mp4config.frame.ents
would be read-in with a value of (uint32t)(-1), it would overflow to 0
in the size calculation for the allocation in the next line. The
malloc() function would then successfully return a pointer to a memory
region of size 0, which will cause a segfault when written to.
Fixes #57.
CVE: CVE-2021-32272
Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
frontend/mp4read.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/frontend/mp4read.c b/frontend/mp4read.c
index 9767383..5dc36b7 100644
--- a/frontend/mp4read.c
+++ b/frontend/mp4read.c
@@ -340,7 +340,10 @@ static int stszin(int size)
// Number of entries
mp4config.frame.ents = u32in();
// fixme error checking
- // fixme: check atom size
+
+ if (!(mp4config.frame.ents + 1))
+ return ERR_FAIL;
+
mp4config.frame.data = malloc(sizeof(*mp4config.frame.data)
* (mp4config.frame.ents + 1));
ofs = 0;
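Review bot: The new guard in stszin(), `if (!(mp4config.frame.ents + 1))`, rejects only the single value for which `ents + 1` wraps to 0, so the multiplication by `sizeof(*mp4config.frame.data)` in the malloc() that follows can still wrap on targets where size_t is 32 bits, and nothing in these lines checks the malloc() result (the `// fixme error checking` comment stays). The hunk also drops `// fixme: check atom size` although nothing here compares `ents` with the `size` argument. Since the patch is marked as a backport, keeping it identical to upstream is reasonable, but consider a follow-up that bounds `ents` against `size` and checks the allocation before it is written to. Separately, the `From` line carries 57850acf9d40 while Upstream-Status links commit 1b71a6ba963d; please confirm the link is the commit this patch was taken from.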
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=381c8cbe277a7bc1ee2ae6083a04c958"
LICENSE_FLAGS = "commercial"
SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz"
SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
"
SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"