Fix CVE-2022-47021
This commit is contained in:
starlet-dx
parent
e631f6af19
commit
6a4b440a01
40
CVE-2022-47021.patch
Normal file
40
CVE-2022-47021.patch
Normal file
@ -0,0 +1,40 @@
|
||||
From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001
|
||||
From: Ralph Giles <giles@thaumas.net>
|
||||
Date: Tue, 6 Sep 2022 19:04:31 -0700
|
||||
Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer.
|
||||
|
||||
Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns
|
||||
a null pointer. This allows more graceful recovery by the caller
|
||||
in the unlikely event of a fallible ogg_malloc call.
|
||||
|
||||
We do check the return value elsewhere in the code, so the new
|
||||
checks make the code more consistent.
|
||||
|
||||
Thanks to https://github.com/xiph/opusfile/issues/36 for reporting.
|
||||
|
||||
Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
|
||||
Signed-off-by: Mark Harris <mark.hsj@gmail.com>
|
||||
---
|
||||
src/opusfile.c | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/src/opusfile.c b/src/opusfile.c
|
||||
index ca219b2..3c3c81e 100644
|
||||
--- a/src/opusfile.c
|
||||
+++ b/src/opusfile.c
|
||||
@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){
|
||||
int nbytes;
|
||||
OP_ASSERT(_nbytes>0);
|
||||
buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes);
|
||||
+ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
|
||||
nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes);
|
||||
OP_ASSERT(nbytes<=_nbytes);
|
||||
if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes);
|
||||
@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of,
|
||||
if(_initial_bytes>0){
|
||||
char *buffer;
|
||||
buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
|
||||
+ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
|
||||
memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
|
||||
ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
|
||||
}
|
||||
@ -1,6 +1,6 @@
|
||||
Name: opusfile
|
||||
Version: 0.11
|
||||
Release: 6
|
||||
Release: 7
|
||||
Summary: A high-level API provides seeking, decode, and playback of Opus streams
|
||||
License: BSD
|
||||
URL: http://www.opus-codec.org/
|
||||
@ -9,6 +9,7 @@ Patch0000: 0001-fix-MemorySanitizer-use-of-uninitialized-value.patch
|
||||
Patch0001: Fix-short-circuit-test-when-seeking-in-short-files.patch
|
||||
Patch0002: fix-left-shift.patch
|
||||
Patch0003: Fix-intermediate-overflow-in-op_pcm_total.patch
|
||||
Patch0004: CVE-2022-47021.patch
|
||||
|
||||
BuildRequires: libogg-devel openssl-devel opus-devel
|
||||
|
||||
@ -53,6 +54,9 @@ Development package for opusfile package.
|
||||
%{_libdir}/{libopusfile.so,libopusurl.so}
|
||||
|
||||
%changelog
|
||||
* Sun Jan 29 2023 yaoxin <yaoxin30@h-partners.com> - 0.11-7
|
||||
- Fix CVE-2022-47021
|
||||
|
||||
* Wed Dec 22 2021 xu_ping <xuping33@huawei.com> - 0.11-6
|
||||
- Fix intermediate overflow in op_pcm_total
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user