mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-11-07 15:36:20 -05:00
a8e149434e
Patches should fix all CVEs reported by `guix lint`: CVE-2015-7747; CVE-2017-6827, CVE-2017-6828, CVE-2017-6829, CVE-2017-6830, CVE-2017-6831, CVE-2017-6832, CVE-2017-6833, CVE-2017-6834, CVE-2017-6835, CVE-2017-6836, CVE-2017-6837, CVE-2017-6838, CVE-2017-6839; CVE-2018-13440; CVE-2018-17095 Since the patches do not reference to CVEs, it's a bit hard to tell which patch actually closes which CVE. Debian reports all these to be closed by the patches below and NixPkgs provides references. * gnu/packages/audio.scm (audiofile): New variable. * gnu/packages/patches/audiofile-fix-datatypes-in-tests.patch, gnu/packages/patches/audiofile-fix-sign-conversion.patch, gnu/packages/patches/audiofile-CVE-2015-7747.patch, gnu/packages/patches/audiofile-CVE-2018-13440.patch, gnu/packages/patches/audiofile-CVE-2018-17095.patch, gnu/packages/patches/audiofile-Check-the-number-of-coefficients.patch, gnu/packages/patches/audiofile-Fail-on-error-in-parseFormat.patch, gnu/packages/patches/audiofile-Fix-index-overflow-in-IMA.cpp.patch, gnu/packages/patches/audiofile-Fix-multiply-overflow-sfconvert.patch, gnu/packages/patches/audiofile-Fix-overflow-in-MSADPCM-decodeSam.patch, gnu/packages/patches/audiofile-division-by-zero-BlockCodec-runPull.patch, gnu/packages/patches/audiofile-hurd.patch, gnu/packages/patches/audiofile-signature-of-multiplyCheckOverflow.patch: New files. * gnu/local.mk: Add them.
36 lines
1.2 KiB
Diff
36 lines
1.2 KiB
Diff
From: Antonio Larrosa <larrosa@kde.org>
|
|
Date: Mon, 6 Mar 2017 18:59:26 +0100
|
|
Subject: Actually fail when error occurs in parseFormat
|
|
|
|
When there's an unsupported number of bits per sample or an invalid
|
|
number of samples per block, don't only print an error message using
|
|
the error handler, but actually stop parsing the file.
|
|
|
|
This fixes #35 (also reported at
|
|
https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
|
|
https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
|
|
)
|
|
---
|
|
libaudiofile/WAVE.cpp | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
|
|
index 0fc48e8..d04b796 100644
|
|
--- a/libaudiofile/WAVE.cpp
|
|
+++ b/libaudiofile/WAVE.cpp
|
|
@@ -332,6 +332,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
|
|
{
|
|
_af_error(AF_BAD_NOT_IMPLEMENTED,
|
|
"IMA ADPCM compression supports only 4 bits per sample");
|
|
+ return AF_FAIL;
|
|
}
|
|
|
|
int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * channelCount;
|
|
@@ -339,6 +340,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
|
|
{
|
|
_af_error(AF_BAD_CODEC_CONFIG,
|
|
"Invalid samples per block for IMA ADPCM compression");
|
|
+ return AF_FAIL;
|
|
}
|
|
|
|
track->f.sampleWidth = 16;
|