kumquat-buildroot/package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
Fabrice Fontaine e21730db5c package/libvorbis: annote CVE-2018-10393
bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a
stack-based buffer over-read.

Same patch as for CVE-2017-14160

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr:
  - update 0001-*.patch to also reference CVE-2018-10393
]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2020-03-01 19:13:45 +01:00

32 lines
1.0 KiB
Diff

From: Thomas Daede <daede003@umn.edu>
Date: Wed, 9 May 2018 21:56:59 +0000 (-0700)
Subject: CVE-2017-14160: fix bounds check on very low sample rates.
X-Git-Url: https://git.xiph.org/?p=vorbis.git;a=commitdiff_plain;h=018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14160: fix bounds check on very low sample rates.
CVE-2018-10393: Out-of-bounds Read
Downloaded from upstream commit
https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=018ca26dece618457dd13585cad52941193c4a25
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
[yann.morin.1998@free.fr: also fixes CVE-2018-10393]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
diff --git a/lib/psy.c b/lib/psy.c
index 422c6f1..1310123 100644
--- a/lib/psy.c
+++ b/lib/psy.c
@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
for (i = 0, x = 0.f;; i++, x += 1.f) {
lo = b[i] >> 16;
- if( lo>=0 ) break;
hi = b[i] & 0xffff;
+ if( lo>=0 ) break;
+ if( hi>=n ) break;
tN = N[hi] + N[-lo];
tX = X[hi] - X[-lo];