libsndfile1: Security fix CVE-2018-19432
(From OE-Core rev: 6f010c9b7777aae5ce2108122d0c6d3b1d630a21) Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
committed by
Richard Purdie
parent
1efe414a67
commit
ae9160e099
@@ -0,0 +1,115 @@
|
||||
From 6f3266277bed16525f0ac2f0f03ff4626f1923e5 Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Thu, 8 Mar 2018 18:00:21 +1100
|
||||
Subject: [PATCH] Fix max channel count bug
|
||||
|
||||
The code was allowing files to be written with a channel count of exactly
|
||||
`SF_MAX_CHANNELS` but was failing to read some file formats with the same
|
||||
channel count.
|
||||
|
||||
Upstream-Status: Backport [https://github.com/erikd/libsndfile/
|
||||
commit/6f3266277bed16525f0ac2f0f03ff4626f1923e5]
|
||||
|
||||
CVE: CVE-2018-19432
|
||||
|
||||
Signed-off-by: Changqing Li <changqing.li@windriver.com>
|
||||
|
||||
---
|
||||
src/aiff.c | 6 +++---
|
||||
src/rf64.c | 4 ++--
|
||||
src/w64.c | 4 ++--
|
||||
src/wav.c | 4 ++--
|
||||
4 files changed, 9 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/src/aiff.c b/src/aiff.c
|
||||
index fbd43cb..6386bce 100644
|
||||
--- a/src/aiff.c
|
||||
+++ b/src/aiff.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
+** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
** Copyright (C) 2005 David Viens <davidv@plogue.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
@@ -950,7 +950,7 @@ aiff_read_header (SF_PRIVATE *psf, COMM_
|
||||
if (psf->sf.channels < 1)
|
||||
return SFE_CHANNEL_COUNT_ZERO ;
|
||||
|
||||
- if (psf->sf.channels >= SF_MAX_CHANNELS)
|
||||
+ if (psf->sf.channels > SF_MAX_CHANNELS)
|
||||
return SFE_CHANNEL_COUNT ;
|
||||
|
||||
if (! (found_chunk & HAVE_FORM))
|
||||
@@ -1030,7 +1030,7 @@ aiff_read_comm_chunk (SF_PRIVATE *psf, C
|
||||
psf_log_printf (psf, " Sample Rate : %d\n", samplerate) ;
|
||||
psf_log_printf (psf, " Frames : %u%s\n", comm_fmt->numSampleFrames, (comm_fmt->numSampleFrames == 0 && psf->filelength > 104) ? " (Should not be 0)" : "") ;
|
||||
|
||||
- if (comm_fmt->numChannels < 1 || comm_fmt->numChannels >= SF_MAX_CHANNELS)
|
||||
+ if (comm_fmt->numChannels < 1 || comm_fmt->numChannels > SF_MAX_CHANNELS)
|
||||
{ psf_log_printf (psf, " Channels : %d (should be >= 1 and < %d)\n", comm_fmt->numChannels, SF_MAX_CHANNELS) ;
|
||||
return SFE_CHANNEL_COUNT_BAD ;
|
||||
} ;
|
||||
diff --git a/src/rf64.c b/src/rf64.c
|
||||
index d57f0f3..876cd45 100644
|
||||
--- a/src/rf64.c
|
||||
+++ b/src/rf64.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
-** Copyright (C) 2008-2017 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
+** Copyright (C) 2008-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
** Copyright (C) 2009 Uli Franke <cls@nebadje.org>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
@@ -382,7 +382,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
|
||||
if (psf->sf.channels < 1)
|
||||
return SFE_CHANNEL_COUNT_ZERO ;
|
||||
|
||||
- if (psf->sf.channels >= SF_MAX_CHANNELS)
|
||||
+ if (psf->sf.channels > SF_MAX_CHANNELS)
|
||||
return SFE_CHANNEL_COUNT ;
|
||||
|
||||
/* WAVs can be little or big endian */
|
||||
diff --git a/src/w64.c b/src/w64.c
|
||||
index 939b716..a37d2c5 100644
|
||||
--- a/src/w64.c
|
||||
+++ b/src/w64.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
+** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
** it under the terms of the GNU Lesser General Public License as published by
|
||||
@@ -383,7 +383,7 @@ w64_read_header (SF_PRIVATE *psf, int *b
|
||||
if (psf->sf.channels < 1)
|
||||
return SFE_CHANNEL_COUNT_ZERO ;
|
||||
|
||||
- if (psf->sf.channels >= SF_MAX_CHANNELS)
|
||||
+ if (psf->sf.channels > SF_MAX_CHANNELS)
|
||||
return SFE_CHANNEL_COUNT ;
|
||||
|
||||
psf->endian = SF_ENDIAN_LITTLE ; /* All W64 files are little endian. */
|
||||
diff --git a/src/wav.c b/src/wav.c
|
||||
index 7bd97bc..dc97545 100644
|
||||
--- a/src/wav.c
|
||||
+++ b/src/wav.c
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
+** Copyright (C) 1999-2018 Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
|
||||
**
|
||||
** This program is free software; you can redistribute it and/or modify
|
||||
@@ -627,7 +627,7 @@ wav_read_header (SF_PRIVATE *psf, int *b
|
||||
if (psf->sf.channels < 1)
|
||||
return SFE_CHANNEL_COUNT_ZERO ;
|
||||
|
||||
- if (psf->sf.channels >= SF_MAX_CHANNELS)
|
||||
+ if (psf->sf.channels > SF_MAX_CHANNELS)
|
||||
return SFE_CHANNEL_COUNT ;
|
||||
|
||||
if (format != WAVE_FORMAT_PCM && (parsestage & HAVE_fact) == 0)
|
||||
--
|
||||
1.7.9.5
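Review bot: In the aiff_read_comm_chunk hunk of the embedded patch, the log text still reads `(should be >= 1 and < %d)` although the check now accepts `numChannels == SF_MAX_CHANNELS`; it should read `(should be >= 1 and <= %d)` so that a rejected file is logged with the limit actually enforced. Because all four header readers (aiff, rf64, w64, wav) now admit one more channel than before, it is worth confirming that every per-channel array in the library is sized for SF_MAX_CHANNELS entries inclusive, which these hunks do not show. The `Upstream-Status:` URL is wrapped across two lines in the patch header, and joining it onto one line would keep the backport reference easy to parse and follow. The enclosing functions start and end outside the hunks.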
|
||||
|
||||
@@ -14,6 +14,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
|
||||
file://CVE-2017-14634.patch \
|
||||
file://CVE-2018-13139.patch \
|
||||
file://0001-a-ulaw-fix-multiple-buffer-overflows-432.patch \
|
||||
file://CVE-2018-19432.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
|
||||
|
||||