]> code.ossystems Code Review - openembedded-core.git/commitdiff
Code Review / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: c5bf709)
libsndfile1: fix CVE-2021-4156
authorChangqing Li <changqing.li@windriver.com>
Thu, 13 Jan 2022 09:00:52 +0000 (17:00 +0800)
committerAnuj Mittal <anuj.mittal@intel.com>
Mon, 17 Jan 2022 02:14:14 +0000 (10:14 +0800)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch [new file with mode: 0644] patch | blob
meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb patch | blob | history

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
new file mode 100644 (file)
index 0000000..b0ff1a0
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
@@ -0,0 +1,32 @@
+From 5adbc377cd90aa40f0cd56ae325ca70065a8aa19 Mon Sep 17 00:00:00 2001
+From: Changqing Li <changqing.li@windriver.com>
+Date: Thu, 13 Jan 2022 16:45:59 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing
+
+CVE: CVE-2021-4156.patch
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/issues/731]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 0be82ac..6548bba 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+       /* Decode some more. */
+       while (pflac->pos < pflac->len)
+       {       if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++              {       psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++                      /* Current frame is busted, so NULL the pointer. */
++                      pflac->frame = NULL ;
+                       break ;
++                }
+               state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+               if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+               {       psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
+-- 
+2.17.1
+
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 044881a8591bb94dffde5e9367b769b232557c87..8eb007884ee3d1bca1413079aeacef7a22527fdd 100644 (file)
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -20,6 +20,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
            file://CVE-2017-12562.patch \
            file://CVE-2018-19758.patch \
            file://CVE-2019-3832.patch \
+           file://CVE-2021-4156.patch \
           "
 
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
Mirror of the official openembedded-core repository