diff options
Diffstat (limited to 'meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch')
-rw-r--r-- | meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch new file mode 100644 index 0000000000..b7936b4b4d --- /dev/null +++ b/meta/recipes-multimedia/libvorbis/libvorbis/CVE-2018-10392.patch @@ -0,0 +1,34 @@ +From 112d3bd0aaacad51305e1464d4b381dabad0e88b Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 17 May 2018 16:19:19 -0700 +Subject: [PATCH] Sanity check number of channels in setup. + +Fixes #2335. + +--- +CVE: CVE-2018-10392 + +Upstream-Status: Backport [gitlab.com/Xiph.Org/Vorbis/Commits/112d3bd...] + +Signed-off-by: Joe Slater <joe.slater@windriver.com> +--- + + lib/vorbisenc.c | 1 + + 1 file changed, 1 insertion(+) + + +diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c +index 4fc7b62..64a51b5 100644 +--- a/lib/vorbisenc.c ++++ b/lib/vorbisenc.c +@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ + highlevel_encode_setup *hi=&ci->hi; + + if(ci==NULL)return(OV_EINVAL); ++ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); + if(!hi->impulse_block_p)i0=1; + + /* too low/high an ATH floater is nonsensical, but doesn't break anything */ +-- +1.7.9.5 + |