Diffstat (limited to 'user/sox/CVE-2017-11358.patch')
-rw-r--r-- | user/sox/CVE-2017-11358.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/user/sox/CVE-2017-11358.patch b/user/sox/CVE-2017-11358.patch
deleted file mode 100644
index 4fadeda30..000000000
--- a/user/sox/CVE-2017-11358.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From e410d00c4821726accfbe1f825f2def6376e181f Mon Sep 17 00:00:00 2001
-From: Mans Rullgard <mans@mansr.com>
-Date: Sun, 5 Nov 2017 16:43:35 +0000
-Subject: [PATCH] hcom: fix crash on input with corrupt dictionary
- (CVE-2017-11358)
-
----
- src/hcom.c | 13 +++++++++++++
- 1 file changed, 13 insertions(+)
-
-diff --git a/src/hcom.c b/src/hcom.c
-index e76820e9..be17d9d2 100644
---- a/src/hcom.c
-+++ b/src/hcom.c
-@@ -73,6 +73,14 @@ typedef struct {
- size_t pos; /* Where next byte goes */
- } priv_t;
-
-+static int dictvalid(int n, int size, int left, int right)
-+{
-+ if (n > 0 && left < 0)
-+ return 1;
-+
-+ return (unsigned)left < size && (unsigned)right < size;
-+}
-+
- static int startread(sox_format_t * ft)
- {
- priv_t *p = (priv_t *) ft->priv;
-@@ -150,6 +158,11 @@ static int startread(sox_format_t * ft)
- lsx_debug("%d %d",
- p->dictionary[i].dict_leftson,
- p->dictionary[i].dict_rightson);
-+ if (!dictvalid(i, dictsize, p->dictionary[i].dict_leftson,
-+ p->dictionary[i].dict_rightson)) {
-+ lsx_fail_errno(ft, SOX_EHDR, "Invalid dictionary");
-+ return SOX_EOF;
-+ }
- }
- rc = lsx_skipbytes(ft, (size_t) 1); /* skip pad byte */
- if (rc)
---
-2.25.0
-
|