Diffstat (limited to 'recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch')
-rw-r--r-- | recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch b/recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
new file mode 100644
index 0000000000..5fb5b2acda
--- /dev/null
+++ b/recipes/libvorbis/libvorbis/r14598-CVE-2008-1420.patch
@@ -0,0 +1,36 @@
+patch taken from redhat
+
+Index: libvorbis-1.2.0/lib/res0.c
+===================================================================
+--- libvorbis-1.2.0/lib/res0.c (revision 14597)
++++ libvorbis-1.2.0/lib/res0.c (revision 14598)
+@@ -223,6 +223,20 @@
+ for(j=0;j<acc;j++)
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+ res0_free_info(info);
+@@ -263,7 +277,7 @@
+ }
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+ for(j=0;j<look->partvals;j++){ |
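Review bot: In the first res0.c hunk the new consistency check does nothing when `dim` is zero or negative: the `while(dim>0)` loop never runs, `partvals` stays 1, and a phrasebook with `entries == 1` is accepted. Whether the codebook parser already rejects such a `dim` is not visible here, so I would make the check self-contained with `if(dim<1) goto errout;` before the loop. The block also dereferences `ci->book_param[info->groupbook]`, which is safe only if `groupbook` was range-checked against `ci->books` earlier, as the visible lines do for `booklist[j]`. The enclosing function starts above the hunk, so that should be confirmed. Separately, the header line "patch taken from redhat" would be more useful for later audits if it named the upstream revision (r14598) and the CVE it addresses.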