mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity

libsndfile1: CVE-2018-13139

Browse Source 
A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28.

Fixed in https://github.com/erikd/libsndfile/issues/397

(From OE-Core rev: 6b5a9078a7c5035590ee4dc2e23582da94d4a104)

(From OE-Core rev: da7342a774ae9bcd876ceb7c260dfb49791949d5)

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Changqing Li
2018-10-10 09:15:53 +08:00
committed by Richard Purdie
parent 255160b689
commit cbdc5ca4f8
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-13139.patch
+35
View File
@@ -0,0 +1,35 @@
From 5473aeef7875e54bd0f786fbdd259a35aaee875c Mon Sep 17 00:00:00 2001
From: Changqing Li <changqing.li@windriver.com>
Date: Wed, 10 Oct 2018 08:59:30 +0800
Subject: [PATCH] libsndfile1: patch for CVE-2018-13139
Upstream-Status: Backport [https://github.com/bwarden/libsndfile/
commit/df18323c622b54221ee7ace74b177cdcccc152d7]
CVE: CVE-2018-13139
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
programs/sndfile-deinterleave.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index e27593e..721bee7 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,12 @@ main (int argc, char **argv)
exit (1) ;
} ;
+ if (sfinfo.channels > MAX_CHANNELS)
+ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
+ argv [1], sfinfo.channels, MAX_CHANNELS) ;
+ exit (1) ;
+ } ;
+
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;
--
2.7.4
meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+1
View File
@@ -12,6 +12,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
file://CVE-2017-8363.patch \
file://CVE-2017-14245-14246.patch \
file://CVE-2017-14634.patch \
file://CVE-2018-13139.patch \
"
SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"