diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-03-30 23:03:34 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-03-31 13:36:26 +0200 |
| commit | bd5f84d301c4e74ca200a9336eca88468ec0e1f3 (patch) | |
| tree | edc86baa35f6f2c4c8f8123803cfe2f239f895da /package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch | |
| parent | 4a1a8277bba490d227f413e218138e39f1fe1203 (diff) | |
| download | buildroot-bd5f84d301c4e74ca200a9336eca88468ec0e1f3.tar.gz buildroot-bd5f84d301c4e74ca200a9336eca88468ec0e1f3.zip | |
audiofile: add security patch for CVE-2017-6831
Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp in
Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a
denial of service (crash) via a crafted file.
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
https://github.com/mpruett/audiofile/issues/35
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch')
| -rw-r--r-- | package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch b/package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch new file mode 100644 index 0000000000..0c6be2a2c5 --- /dev/null +++ b/package/audiofile/0006-Actually-fail-when-error-occurs-in-parseFormat.patch @@ -0,0 +1,42 @@ +From a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6 Mon Sep 17 00:00:00 2001 +From: Antonio Larrosa <larrosa@kde.org> +Date: Mon, 6 Mar 2017 18:59:26 +0100 +Subject: [PATCH] Actually fail when error occurs in parseFormat + +When there's an unsupported number of bits per sample or an invalid +number of samples per block, don't only print an error message using +the error handler, but actually stop parsing the file. + +This fixes #35 (also reported at +https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and +https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/ +) + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + libaudiofile/WAVE.cpp | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp +index 0e81cf7..d762249 100644 +--- a/libaudiofile/WAVE.cpp ++++ b/libaudiofile/WAVE.cpp +@@ -326,6 +326,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size) + { + _af_error(AF_BAD_NOT_IMPLEMENTED, + "IMA ADPCM compression supports only 4 bits per sample"); ++ return AF_FAIL; + } + + int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount; +@@ -333,6 +334,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size) + { + _af_error(AF_BAD_CODEC_CONFIG, + "Invalid samples per block for IMA ADPCM compression"); ++ return AF_FAIL; + } + + track->f.sampleWidth = 16; +-- +2.11.0 + |
