[oe] [PATCH] libsndfile1: patch for CVE-2017-14634
akuster808
akuster808 at gmail.com
Mon Aug 27 03:17:42 UTC 2018
On 08/26/2018 08:14 PM, changqing.li at windriver.com wrote:
> From: Changqing Li <changqing.li at windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li at windriver.com>
> ---
> .../libsndfile/libsndfile1/CVE-2017-14634.patch | 40 ++++++++++++++++++++++
> .../libsndfile/libsndfile1_1.0.28.bb | 1 +
> 2 files changed, 41 insertions(+)
> create mode 100644 meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
>
> diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
> new file mode 100644
> index 0000000..12dce56
> --- /dev/null
> +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2017-14634.patch
> @@ -0,0 +1,40 @@
> +From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
> +From: Fabian Greffrath <fabian at greffrath.com>
> +Date: Thu, 28 Sep 2017 12:15:04 +0200
> +Subject: [PATCH] double64_init: Check psf->sf.channels against upper bound
> +
> +This prevents division by zero later in the code.
> +
> +While the trivial case to catch this (i.e. sf.channels < 1) has already
> +been covered, a crafted file may report a number of channels that is
> +so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
> +miscalculated to zero (if this makes sense) in the determination of the
> +blockwidth. Since we only support a limited number of channels anyway,
> +make sure to check here as well.
> +
> +Closes: https://github.com/erikd/libsndfile/issues/318
> +Signed-off-by: Erik de Castro Lopo <erikd at mega-nerd.com>
> +
> +Upstream-Status: Backport[https://github.com/erikd/libsndfile/commit/
> +85c877d5072866aadbe8ed0c3e0590fbb5e16788#diff-61db6a4422d4ff5453548f73548f4ca1]
> +
> +CVE: CVE-2017-14634
Missing signed-off-by
> +---
> + src/double64.c | 2 +-
> + 1 file changed, 1 insertion(+), 1 deletion(-)
> +
> +diff --git a/src/double64.c b/src/double64.c
> +index b318ea8..78dfef7 100644
> +--- a/src/double64.c
> ++++ b/src/double64.c
> +@@ -91,7 +91,7 @@ int
> + double64_init (SF_PRIVATE *psf)
> + { static int double64_caps ;
> +
> +- if (psf->sf.channels < 1)
> ++ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
> + { psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
> + return SFE_INTERNAL ;
> + } ;
> +--
> +1.7.9.5
> diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
> index 281ac82..9416e52 100644
> --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
> +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
> @@ -10,6 +10,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
> file://CVE-2017-8361-8365.patch \
> file://CVE-2017-8362.patch \
> file://CVE-2017-8363.patch \
> + file://CVE-2017-14634.patch \
> "
>
> SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
More information about the Openembedded-devel
mailing list