diff options
Diffstat (limited to 'meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch')
-rw-r--r-- | meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch deleted file mode 100644 index ab37211399..0000000000 --- a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2019-3832.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 43886efc408c21e1e329086ef70c88860310f25b Mon Sep 17 00:00:00 2001 -From: Emilio Pozuelo Monfort <pochu27@gmail.com> -Date: Tue, 5 Mar 2019 11:27:17 +0100 -Subject: [PATCH] wav_write_header: don't read past the array end - -CVE-2018-19758 wasn't entirely fixed in the fix, so fix it harder. - -CVE: CVE-2019-3832 -Upstream-Status: Backport [7408c4c788ce047d4e652b60a04e7796bcd7267e] -Signed-off-by: Ross Burton <ross.burton@intel.com> - -If loop_count is bigger than the array, truncate it to the array -length (and not to 32k). - -CVE-2019-3832 - ---- - src/wav.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/wav.c b/src/wav.c -index daae3cc..8851549 100644 ---- a/src/wav.c -+++ b/src/wav.c -@@ -1094,8 +1094,10 @@ wav_write_header (SF_PRIVATE *psf, int calc_length) - psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */ - psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ; - -- /* Loop count is signed 16 bit number so we limit it range to something sensible. */ -- psf->instrument->loop_count &= 0x7fff ; -+ /* Make sure we don't read past the loops array end. */ -+ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops)) -+ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ; -+ - for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) - { int type ; - |