summaryrefslogtreecommitdiff
path: root/user/wavpack/cve2018-19841.patch
diff options
context:
space:
mode:
authorKiyoshi Aman <kiyoshi.aman+apkfission@gmail.com>2018-12-06 08:27:52 -0600
committerKiyoshi Aman <kiyoshi.aman+apkfission@gmail.com>2018-12-06 10:35:16 -0600
commita9690f97d468433e5f61cf79f8ba94062aca94db (patch)
treecc005ff7df91f4abcef195b2e813df1cb70d4daf /user/wavpack/cve2018-19841.patch
parent20f6886b2f4338a78ea1409a8497982c9024509a (diff)
downloadpackages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.gz
packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.bz2
packages-a9690f97d468433e5f61cf79f8ba94062aca94db.tar.xz
packages-a9690f97d468433e5f61cf79f8ba94062aca94db.zip
user/wavpack: patches for CVEs 2018-19840 & -19841
Diffstat (limited to 'user/wavpack/cve2018-19841.patch')
-rw-r--r--user/wavpack/cve2018-19841.patch29
1 files changed, 29 insertions, 0 deletions
diff --git a/user/wavpack/cve2018-19841.patch b/user/wavpack/cve2018-19841.patch
new file mode 100644
index 000000000..6872ed91e
--- /dev/null
+++ b/user/wavpack/cve2018-19841.patch
@@ -0,0 +1,29 @@
+From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:53:51 -0800
+Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
+
+---
+ src/open_utils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 80051fc..4fe0d67 100644
+--- a/src/open_utils.c
++++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+ #endif
+
+ if (meta_bc == 4) {
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+ return FALSE;
+ }
+ else {
+ csum ^= csum >> 16;
+
+- if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
++ if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+ return FALSE;
+ }
+