mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
faad2: patch CVE-2021-32272
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32272 Pick the patch that is mentioned in the ncv report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
+37
@@ -0,0 +1,37 @@
|
|||||||
|
From 57850acf9d40fc2898ded492b9ce942110d0c426 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Fabian Greffrath <fabian@greffrath.com>
|
||||||
|
Date: Mon, 31 Aug 2020 10:00:37 +0200
|
||||||
|
Subject: [PATCH] fix heap-buffer-overflow in mp4read.c
|
||||||
|
|
||||||
|
This originated from an integer overflow: If mp4config.frame.ents
|
||||||
|
would be read-in with a value of (uint32t)(-1), it would overflow to 0
|
||||||
|
in the size calculation for the allocation in the next line. The
|
||||||
|
malloc() function would then successfully return a pointer to a memory
|
||||||
|
region of size 0, which will cause a segfault when written to.
|
||||||
|
|
||||||
|
Fixes #57.
|
||||||
|
|
||||||
|
CVE: CVE-2021-32272
|
||||||
|
Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1b71a6ba963d131375f5e489b3b25e36f19f3f24]
|
||||||
|
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
frontend/mp4read.c | 5 ++++-
|
||||||
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/frontend/mp4read.c b/frontend/mp4read.c
|
||||||
|
index 9767383..5dc36b7 100644
|
||||||
|
--- a/frontend/mp4read.c
|
||||||
|
+++ b/frontend/mp4read.c
|
||||||
|
@@ -340,7 +340,10 @@ static int stszin(int size)
|
||||||
|
// Number of entries
|
||||||
|
mp4config.frame.ents = u32in();
|
||||||
|
// fixme error checking
|
||||||
|
- // fixme: check atom size
|
||||||
|
+
|
||||||
|
+ if (!(mp4config.frame.ents + 1))
|
||||||
|
+ return ERR_FAIL;
|
||||||
|
+
|
||||||
|
mp4config.frame.data = malloc(sizeof(*mp4config.frame.data)
|
||||||
|
* (mp4config.frame.ents + 1));
|
||||||
|
ofs = 0;
|
||||||
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=381c8cbe277a7bc1ee2ae6083a04c958"
|
|||||||
|
|
||||||
LICENSE_FLAGS = "commercial"
|
LICENSE_FLAGS = "commercial"
|
||||||
|
|
||||||
SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz"
|
SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
|
||||||
|
file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
|
||||||
|
"
|
||||||
SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
|
SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
|
||||||
SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"
|
SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user