diff options
Diffstat (limited to 'user/sox/CVE-2017-18189.patch')
| -rw-r--r-- | user/sox/CVE-2017-18189.patch | 33 |
1 files changed, 0 insertions, 33 deletions
diff --git a/user/sox/CVE-2017-18189.patch b/user/sox/CVE-2017-18189.patch deleted file mode 100644 index aa3791d01..000000000 --- a/user/sox/CVE-2017-18189.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 09d7388c8ad5701ed9c59d1d600ff6154b066397 Mon Sep 17 00:00:00 2001 -From: Mans Rullgard <mans@mansr.com> -Date: Thu, 9 Nov 2017 11:45:10 +0000 -Subject: [PATCH] xa: validate channel count (CVE-2017-18189) - -A corrupt header specifying zero channels would send read_channels() -into an infinite loop. Prevent this by sanity checking the channel -count in open_read(). Also add an upper bound to prevent overflow -in multiplication. ---- - src/xa.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/xa.c b/src/xa.c -index 81a76772..9fc086ec 100644 ---- a/src/xa.c -+++ b/src/xa.c -@@ -143,6 +143,12 @@ static int startread(sox_format_t * ft) - lsx_report("User options overriding rate read in .xa header"); - } - -+ if (ft->signal.channels == 0 || ft->signal.channels > UINT16_MAX) { -+ lsx_fail_errno(ft, SOX_EFMT, "invalid channel count %d", -+ ft->signal.channels); -+ return SOX_EOF; -+ } -+ - /* Check for supported formats */ - if (ft->encoding.bits_per_sample != 16) { - lsx_fail_errno(ft, SOX_EFMT, "%d-bit sample resolution not supported.", --- -2.25.0 - |