diff options
author | Zach van Rijn <me@zv.io> | 2023-02-06 03:51:29 +0000 |
---|---|---|
committer | Zach van Rijn <me@zv.io> | 2023-02-06 03:53:58 +0000 |
commit | 491802e5efd6fa2d5543de51e93ffc2ae0a6f1b1 (patch) | |
tree | 1b72677c935f5c82312062ad291474fba200c2be /user/sox/CVE-2017-15370.patch | |
parent | 130b4b415b5591a7320ea3cfdf87c43987916655 (diff) | |
download | packages-491802e5efd6fa2d5543de51e93ffc2ae0a6f1b1.tar.gz packages-491802e5efd6fa2d5543de51e93ffc2ae0a6f1b1.tar.bz2 packages-491802e5efd6fa2d5543de51e93ffc2ae0a6f1b1.tar.xz packages-491802e5efd6fa2d5543de51e93ffc2ae0a6f1b1.zip |
user/sox: move to legacy/
This package has numerous CVEs and does not currently
build on our pmmx target. It is not required by any
other packages at the moment.
See also: #961.
Diffstat (limited to 'user/sox/CVE-2017-15370.patch')
-rw-r--r-- | user/sox/CVE-2017-15370.patch | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/user/sox/CVE-2017-15370.patch b/user/sox/CVE-2017-15370.patch deleted file mode 100644 index 9e6a7f7ee..000000000 --- a/user/sox/CVE-2017-15370.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e076a7ad504add6e8c3b8699e8587eef0e0d9bc3 Mon Sep 17 00:00:00 2001 -From: Mans Rullgard <mans@mansr.com> -Date: Sun, 5 Nov 2017 16:21:23 +0000 -Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input - (CVE-2017-15370) - -Add the same check bad block size as was done for MS adpcm in commit -f39c574b ("More checks for invalid MS ADPCM blocks"). ---- - src/wav.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/wav.c b/src/wav.c -index eca1cde5..fad334cf 100644 ---- a/src/wav.c -+++ b/src/wav.c -@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) - /* work with partial blocks. Specs say it should be null */ - /* padded but I guess this is better than trailing quiet. */ - samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); -- if (samplesThisBlock == 0) -+ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) - { - lsx_warn("Premature EOF on .wav input file"); - return 0; --- -2.25.0 - |