mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-17 04:37:19 +00:00
8ef997336a
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147 https://nvd.nist.gov/vuln/detail/CVE-2022-24599 These patches are used by opensuse to mitigate the corresponding vulnerabulities. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
32 lines
1.0 KiB
Diff
32 lines
1.0 KiB
Diff
This patch is taken from opensuse:
|
|
https://build.opensuse.org/package/show/multimedia:libs/audiofile
|
|
|
|
CVE: CVE-2019-13147
|
|
Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
|
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
|
|
|
diff --unified --recursive --text --new-file --color audiofile-0.3.6/libaudiofile/NeXT.cpp audiofile-0.3.6.new/libaudiofile/NeXT.cpp
|
|
--- audiofile-0.3.6/libaudiofile/NeXT.cpp 2013-03-06 13:30:03.000000000 +0800
|
|
+++ audiofile-0.3.6.new/libaudiofile/NeXT.cpp 2025-05-14 10:45:11.685700984 +0800
|
|
@@ -32,6 +32,7 @@
|
|
#include <stdint.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
+#include <limits.h>
|
|
|
|
#include "File.h"
|
|
#include "Setup.h"
|
|
@@ -122,6 +123,12 @@
|
|
_af_error(AF_BAD_CHANNELS, "invalid file with 0 channels");
|
|
return AF_FAIL;
|
|
}
|
|
+ /* avoid overflow of INT for double size rate */
|
|
+ if (channelCount > (INT32_MAX / (sizeof(double))))
|
|
+ {
|
|
+ _af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount);
|
|
+ return AF_FAIL;
|
|
+ }
|
|
|
|
Track *track = allocateTrack();
|
|
if (!track)
|