diff options
| author | Max Rees <maxcrees@me.com> | 2020-03-21 13:46:20 -0500 |
|---|---|---|
| committer | Max Rees <maxcrees@me.com> | 2020-03-21 13:46:20 -0500 |
| commit | 9f0f9cf4b52840ea0d566572659a2bd8226b147f (patch) | |
| tree | 3c0bae253d7bb851a6f3d05513075323615d9bf0 /user/sox/CVE-2017-15370.patch | |
| parent | d17942503235bc65e4152f1400579e9d7bc70831 (diff) | |
| download | packages-9f0f9cf4b52840ea0d566572659a2bd8226b147f.tar.gz packages-9f0f9cf4b52840ea0d566572659a2bd8226b147f.tar.bz2 packages-9f0f9cf4b52840ea0d566572659a2bd8226b147f.tar.xz packages-9f0f9cf4b52840ea0d566572659a2bd8226b147f.zip | |
user/sox: patch multiple CVEs (#166)
Diffstat (limited to 'user/sox/CVE-2017-15370.patch')
| -rw-r--r-- | user/sox/CVE-2017-15370.patch | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/user/sox/CVE-2017-15370.patch b/user/sox/CVE-2017-15370.patch new file mode 100644 index 000000000..9e6a7f7ee --- /dev/null +++ b/user/sox/CVE-2017-15370.patch @@ -0,0 +1,28 @@ +From e076a7ad504add6e8c3b8699e8587eef0e0d9bc3 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <mans@mansr.com> +Date: Sun, 5 Nov 2017 16:21:23 +0000 +Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input + (CVE-2017-15370) + +Add the same check bad block size as was done for MS adpcm in commit +f39c574b ("More checks for invalid MS ADPCM blocks"). +--- + src/wav.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/wav.c b/src/wav.c +index eca1cde5..fad334cf 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) + /* work with partial blocks. Specs say it should be null */ + /* padded but I guess this is better than trailing quiet. */ + samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); +- if (samplesThisBlock == 0) ++ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) + { + lsx_warn("Premature EOF on .wav input file"); + return 0; +-- +2.25.0 + |