From 491802e5efd6fa2d5543de51e93ffc2ae0a6f1b1 Mon Sep 17 00:00:00 2001 From: Zach van Rijn Date: Mon, 6 Feb 2023 03:51:29 +0000 Subject: user/sox: move to legacy/ This package has numerous CVEs and does not currently build on our pmmx target. It is not required by any other packages at the moment. See also: #961. --- user/sox/CVE-2017-15370.patch | 28 ---------------------------- 1 file changed, 28 deletions(-) delete mode 100644 user/sox/CVE-2017-15370.patch (limited to 'user/sox/CVE-2017-15370.patch') diff --git a/user/sox/CVE-2017-15370.patch b/user/sox/CVE-2017-15370.patch deleted file mode 100644 index 9e6a7f7ee..000000000 --- a/user/sox/CVE-2017-15370.patch +++ /dev/null @@ -1,28 +0,0 @@ -From e076a7ad504add6e8c3b8699e8587eef0e0d9bc3 Mon Sep 17 00:00:00 2001 -From: Mans Rullgard -Date: Sun, 5 Nov 2017 16:21:23 +0000 -Subject: [PATCH] wav: ima_adpcm: fix buffer overflow on corrupt input - (CVE-2017-15370) - -Add the same check bad block size as was done for MS adpcm in commit -f39c574b ("More checks for invalid MS ADPCM blocks"). ---- - src/wav.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/wav.c b/src/wav.c -index eca1cde5..fad334cf 100644 ---- a/src/wav.c -+++ b/src/wav.c -@@ -127,7 +127,7 @@ static unsigned short ImaAdpcmReadBlock(sox_format_t * ft) - /* work with partial blocks. Specs say it should be null */ - /* padded but I guess this is better than trailing quiet. */ - samplesThisBlock = lsx_ima_samples_in((size_t)0, (size_t)ft->signal.channels, bytesRead, (size_t) 0); -- if (samplesThisBlock == 0) -+ if (samplesThisBlock == 0 || samplesThisBlock > wav->samplesPerBlock) - { - lsx_warn("Premature EOF on .wav input file"); - return 0; --- -2.25.0 - -- cgit v1.2.3-70-g09d2