mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

sox: patch CVE-2017-11358

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2017-11358

Pick the patch that was identified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2017-11358

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
2026-02-09 12:38:49 +01:00
parent 83498ed818
commit e672fee7eb
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-multimedia/recipes-multimedia/sox/sox/CVE-2017-11358.patch
+29
View File
@@ -0,0 +1,29 @@
From 0e3909288d38487d7c86b11c7509cca01296fdc8 Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Sun, 5 Nov 2017 16:43:35 +0000
Subject: [PATCH] hcom: fix crash on input with corrupt dictionary
(CVE-2017-11358)
CVE: CVE-2017-11358
Upstream-Status: Backport [https://github.com/mansr/sox/commit/6cb44a44b9eda6b321ccdbf6483348d4a9798b00]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/hcom.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/hcom.c b/src/hcom.c
index e76820e..ee28cba 100644
--- a/src/hcom.c
+++ b/src/hcom.c
@@ -150,6 +150,11 @@ static int startread(sox_format_t * ft)
lsx_debug("%d %d",
p->dictionary[i].dict_leftson,
p->dictionary[i].dict_rightson);
+ if ((unsigned) p->dictionary[i].dict_leftson >= dictsize ||
+ (unsigned) p->dictionary[i].dict_rightson >= dictsize) {
+ lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary");
+ return SOX_EOF;
+ }
}
rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */
if (rc)
meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
+1
View File
@@ -31,6 +31,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \
file://0001-remove-the-error-line-and-live-without-file-type-det.patch \
file://0001-Update-exported-symbol-list.patch \
file://CVE-2017-11332.patch \
file://CVE-2017-11358.patch \
"
SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33"
SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"