diff options
author | Kiyoshi Aman <kiyoshi.aman+apkfission@gmail.com> | 2018-12-06 08:27:52 -0600 |
---|---|---|
committer | Kiyoshi Aman <kiyoshi.aman+apkfission@gmail.com> | 2018-12-06 10:35:16 -0600 |
commit | a9690f97d468433e5f61cf79f8ba94062aca94db (patch) | |
tree | cc005ff7df91f4abcef195b2e813df1cb70d4daf /user/wavpack/cve2018-19841.patch | |
parent | 20f6886b2f4338a78ea1409a8497982c9024509a (diff) | |
download | packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.gz packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.bz2 packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.xz packages-a9690f97d468433e5f61cf79f8ba94062aca94db.zip |
user/wavpack: patches for CVEs 2018-19840 & -19841
Diffstat (limited to 'user/wavpack/cve2018-19841.patch')
-rw-r--r-- | user/wavpack/cve2018-19841.patch | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/user/wavpack/cve2018-19841.patch b/user/wavpack/cve2018-19841.patch new file mode 100644 index 000000000..6872ed91e --- /dev/null +++ b/user/wavpack/cve2018-19841.patch @@ -0,0 +1,29 @@ +From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001 +From: David Bryant <david@wavpack.com> +Date: Thu, 29 Nov 2018 21:53:51 -0800 +Subject: [PATCH] issue #54: fix potential out-of-bounds heap read + +--- + src/open_utils.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/open_utils.c b/src/open_utils.c +index 80051fc..4fe0d67 100644 +--- a/src/open_utils.c ++++ b/src/open_utils.c +@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum) + #endif + + if (meta_bc == 4) { +- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff)) ++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff)) + return FALSE; + } + else { + csum ^= csum >> 16; + +- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff)) ++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff)) + return FALSE; + } + |