diff options
Diffstat (limited to 'poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch')
-rw-r--r-- | poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch new file mode 100644 index 0000000000..c3586f9dfc --- /dev/null +++ b/poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2018-19758.patch @@ -0,0 +1,34 @@ +There is a heap-based buffer over-read at wav.c in wav_write_header in +libsndfile 1.0.28 that will cause a denial of service. + +CVE: CVE-2018-19758 +Upstream-Status: Backport [42132c543358cee9f7c3e9e9b15bb6c1063a608e] +Signed-off-by: Ross Burton <ross.burton@intel.com> + +From c12173b0197dd0c5cfa2cd27977e982d2ae59486 Mon Sep 17 00:00:00 2001 +From: Erik de Castro Lopo <erikd@mega-nerd.com> +Date: Tue, 1 Jan 2019 20:11:46 +1100 +Subject: [PATCH] src/wav.c: Fix heap read overflow + +This is CVE-2018-19758. + +Closes: https://github.com/erikd/libsndfile/issues/435 +--- + src/wav.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/wav.c b/src/wav.c +index e8405b55..6fb94ae8 100644 +--- a/src/wav.c ++++ b/src/wav.c +@@ -1094,6 +1094,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length) + psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */ + psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ; + ++ /* Loop count is signed 16 bit number so we limit it range to something sensible. */ ++ psf->instrument->loop_count &= 0x7fff ; + for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) + { int type ; + +-- +2.11.0 |