flac: drop CVE patches
These are alredy included in 1.3.1, and should have been dropped when I merged next. Reported-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Peter Korsgaard
parent
fe1b2ef1d3
commit
c8fbd1f82a
@ -1,34 +0,0 @@
|
||||
From fcf0ba06ae12ccd7c67cee3c8d948df15f946b85 Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Wed, 19 Nov 2014 19:35:59 -0800
|
||||
Subject: [PATCH] src/libFACL/stream_decoder.c : Fail safely to avoid a heap overflow.
|
||||
|
||||
A file provided by the reporters caused the stream decoder to write to
|
||||
un-allocated heap space resulting in a segfault. The solution is to
|
||||
error out (by returning false from read_residual_partitioned_rice_())
|
||||
instead of trying to continue to decode.
|
||||
|
||||
Fixes: CVE-2014-9028
|
||||
Reported-by: Michele Spagnuolo,
|
||||
Google Security Team <mikispag@google.com>
|
||||
---
|
||||
src/libFLAC/stream_decoder.c | 3 ++-
|
||||
1 files changed, 2 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
|
||||
index 88a656d..54e84d4 100644
|
||||
--- a/src/libFLAC/stream_decoder.c
|
||||
+++ b/src/libFLAC/stream_decoder.c
|
||||
@@ -2736,7 +2736,8 @@ FLAC__bool read_residual_partitioned_rice_(FLAC__StreamDecoder *decoder, unsigne
|
||||
if(decoder->private_->frame.header.blocksize < predictor_order) {
|
||||
send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
|
||||
decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
|
||||
- return true;
|
||||
+ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
|
||||
+ return false;
|
||||
}
|
||||
}
|
||||
else {
|
||||
--
|
||||
1.7.2.5
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From 5b3033a2b355068c11fe637e14ac742d273f076e Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Tue, 18 Nov 2014 07:20:25 -0800
|
||||
Subject: [PATCH] src/libFLAC/stream_decoder.c : Fix buffer read overflow.
|
||||
|
||||
This is CVE-2014-8962.
|
||||
|
||||
Reported-by: Michele Spagnuolo,
|
||||
Google Security Team <mikispag@google.com>
|
||||
---
|
||||
src/libFLAC/stream_decoder.c | 6 +++++-
|
||||
1 files changed, 5 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/src/libFLAC/stream_decoder.c b/src/libFLAC/stream_decoder.c
|
||||
index cb66fe2..88a656d 100644
|
||||
--- a/src/libFLAC/stream_decoder.c
|
||||
+++ b/src/libFLAC/stream_decoder.c
|
||||
@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC =
|
||||
*
|
||||
***********************************************************************/
|
||||
|
||||
-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
|
||||
+static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
|
||||
|
||||
/***********************************************************************
|
||||
*
|
||||
@@ -1361,6 +1361,10 @@ FLAC__bool find_metadata_(FLAC__StreamDecoder *decoder)
|
||||
id = 0;
|
||||
continue;
|
||||
}
|
||||
+
|
||||
+ if(id >= 3)
|
||||
+ return false;
|
||||
+
|
||||
if(x == ID3V2_TAG_[id]) {
|
||||
id++;
|
||||
i = 0;
|
||||
--
|
||||
1.7.2.5
|
||||
|
||||
Loading…
Reference in New Issue
Block a user