diff options
author | CyberLeo <cyberleo@cyberleo.net> | 2020-03-28 05:45:52 -0500 |
---|---|---|
committer | CyberLeo <cyberleo@cyberleo.net> | 2020-03-28 05:45:52 -0500 |
commit | 9297468fa579836e3a6a381b798feb6b78217c2d (patch) | |
tree | 53168212f427afbcf0693b534530a4af803152e9 /user/sox/CVE-2017-15370.patch | |
parent | a63cc05c53a6f4c22422dc8c69808b14d87a6f6e (diff) | |
parent | da5a69b65a8791fffa6e93366ee585f87eff136d (diff) | |
download | packages-9297468fa579836e3a6a381b798feb6b78217c2d.tar.gz packages-9297468fa579836e3a6a381b798feb6b78217c2d.tar.bz2 packages-9297468fa579836e3a6a381b798feb6b78217c2d.tar.xz packages-9297468fa579836e3a6a381b798feb6b78217c2d.zip |
Merge branch 'master' into zfs
Diffstat (limited to 'user/sox/CVE-2017-15370.patch')
-rw-r--r-- | user/sox/CVE-2017-15370.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/user/sox/CVE-2017-15370.patch b/user/sox/CVE-2017-15370.patch new file mode 100644 index 000000000..9e6a7f7ee --- /dev/null +++ b/user/sox/CVE-2017-15370.patch @@ -0,0 +1,28 @@ +From e076a7ad504add6e8c3b8699e8587eef0e0d9bc3 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <mans@mansr.com> +Date: Sun, 5 Nov 2017 16:21:23 +0000 +Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input + (CVE-2017-15370) + +Add the same check bad block size as was done for MS adpcm in commit +f39c574b ("More checks for invalid MS ADPCM blocks"). +--- + src/wav.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav.c b/src/wav.c +index eca1cde5..fad334cf 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) + /* work with partial blocks. Specs say it should be null */ + /* padded but I guess this is better than trailing quiet. */ + samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); +- if (samplesThisBlock == 0) ++ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) + { + lsx_warn("Premature EOF on .wav input file"); + return 0; +-- +2.25.0 + |