[Buildroot] [git commit branch/2018.02.x] package/libvorbis: add upstream security patch to fix CVE-2017-14160

Peter Korsgaard peter at korsgaard.com
Sun Jun 17 15:26:14 UTC 2018


commit: https://git.buildroot.net/buildroot/commit/?id=c5d023f659f0decd4cbb8971237e4758daf1445b
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2018.02.x

Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
(cherry picked from commit dc7f8715746d50d3a7db36211d5da6c68020eb18)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 ...fix-bounds-check-on-very-low-sample-rates.patch | 28 ++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch b/package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
new file mode 100644
index 0000000000..e84f3d4799
--- /dev/null
+++ b/package/libvorbis/0001-CVE-2017-14160-fix-bounds-check-on-very-low-sample-rates.patch
@@ -0,0 +1,28 @@
+From: Thomas Daede <daede003 at umn.edu>
+Date: Wed, 9 May 2018 21:56:59 +0000 (-0700)
+Subject: CVE-2017-14160: fix bounds check on very low sample rates.
+X-Git-Url: https://git.xiph.org/?p=vorbis.git;a=commitdiff_plain;h=018ca26dece618457dd13585cad52941193c4a25
+
+CVE-2017-14160: fix bounds check on very low sample rates.
+
+Downloaded from upstream commit
+https://git.xiph.org/?p=vorbis.git;a=commitdiff;h=018ca26dece618457dd13585cad52941193c4a25
+
+Signed-off-by: Bernd Kuhls <bernd.kuhls at t-online.de>
+---
+
+diff --git a/lib/psy.c b/lib/psy.c
+index 422c6f1..1310123 100644
+--- a/lib/psy.c
++++ b/lib/psy.c
+@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b,
+   for (i = 0, x = 0.f;; i++, x += 1.f) {
+ 
+     lo = b[i] >> 16;
+-    if( lo>=0 ) break;
+     hi = b[i] & 0xffff;
++    if( lo>=0 ) break;
++    if( hi>=n ) break;
+ 
+     tN = N[hi] + N[-lo];
+     tX = X[hi] - X[-lo];


More information about the buildroot mailing list