diff options
Diffstat (limited to 'poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch')
-rw-r--r-- | poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch new file mode 100644 index 000000000..7564d9287 --- /dev/null +++ b/poky/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2017-14160.patch @@ -0,0 +1,33 @@ +From 018ca26dece618457dd13585cad52941193c4a25 Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Wed, 9 May 2018 14:56:59 -0700 +Subject: [PATCH] CVE-2017-14160: fix bounds check on very low sample rates. + +CVE: CVE-2017-14160 +CVE: CVE-2018-10393 +Upstream-Status: Backport from https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25 + +Signed-off-by: Thomas Daede <daede003@umn.edu> +Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com> +--- + lib/psy.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/lib/psy.c b/lib/psy.c +index 422c6f1..1310123 100644 +--- a/lib/psy.c ++++ b/lib/psy.c +@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, + for (i = 0, x = 0.f;; i++, x += 1.f) { + + lo = b[i] >> 16; +- if( lo>=0 ) break; + hi = b[i] & 0xffff; ++ if( lo>=0 ) break; ++ if( hi>=n ) break; + + tN = N[hi] + N[-lo]; + tX = X[hi] - X[-lo]; +-- +2.7.4 + |