meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

Backport patch to fix CVE-2020-23903.

CVE: CVE-2020-23903
Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]

Signed-off-by: Kai Kang <kai.kang@windriver.com>

From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
From: Tristan Matthews <tmatth@videolan.org>
Date: Mon, 13 Jul 2020 23:25:03 -0400
Subject: [PATCH] wav_io: guard against invalid channel numbers

Fixes #13
---
 src/wav_io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/wav_io.c b/src/wav_io.c
index b5183015..09d62eb0 100644
--- a/src/wav_io.c
+++ b/src/wav_io.c
@@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
    stmp = le_short(stmp);
    *channels = stmp;
 
-   if (stmp>2)
+   if (stmp>2 || stmp<1)
    {
       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
       return -1;