helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

sox: patch CVE-2019-8354

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-8354

Pick the patch that was identified by Debian[1] as the solution.

[1]: https://security-tracker.debian.org/tracker/CVE-2019-8354

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2026-02-09 12:38:58 +01:00
parent d782346939
commit 4ae1930999
2 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch Normal file
View File

@ -0,0 +1,29 @@
From 5066f093b08b4033f59ea6d99001f059e919239b Mon Sep 17 00:00:00 2001
From: Mans Rullgard <mans@mansr.com>
Date: Wed, 24 Apr 2019 14:57:34 +0100
Subject: [PATCH] fix possible buffer size overflow in lsx_make_lpf()
(CVE-2019-8354)
The multiplication in the size argument malloc() might overflow,
resulting in a small buffer being allocated. Use calloc() instead.
CVE: CVE-2019-8354
Upstream-Status: Backport [https://github.com/mansr/sox/commit/f70911261a84333b077c29908e1242f69d7439eb]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/effects_i_dsp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/effects_i_dsp.c b/src/effects_i_dsp.c
index a979b50..e32dfa0 100644
--- a/src/effects_i_dsp.c
+++ b/src/effects_i_dsp.c
@@ -357,7 +357,7 @@ double * lsx_make_lpf(int num_taps, double Fc, double beta, double rho,
double scale, sox_bool dc_norm)
{
int i, m = num_taps - 1;
- double * h = malloc(num_taps * sizeof(*h)), sum = 0;
+ double * h = calloc(num_taps, sizeof(*h)), sum = 0;
double mult = scale / lsx_bessel_I_0(beta), mult1 = 1 / (.5 * m + rho);
assert(Fc >= 0 && Fc <= 1);
lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale);

1
meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
View File

@ -39,6 +39,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \
file://CVE-2017-15642.patch \
file://CVE-2017-18189.patch \
file://CVE-2019-13590.patch \
file://CVE-2019-8354.patch \
"
SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33"
SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"