Hello community,

here is the log from the commit of package opus for openSUSE:Factory checked in at 2013-01-14 09:44:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opus (Old)
 and /work/SRC/openSUSE:Factory/.opus.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opus", Maintainer is "" Changes: -------- --- /work/SRC/openSUSE:Factory/opus/opus.changes 2012-09-25 10:44:50.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.opus.new/opus.changes 2013-01-14 09:44:12.000000000 +0100 @@ -1,0 +2,9 @@ +Sun Jan 13 20:13:46 UTC 2013 - [email protected] + +- Add + opus-fix-out-of-bounds-read-issue-with-the-padding-handling.patch + Fixes an out-of-bounds read that could be triggered by a + malicious Opus packet causing an integer wrap-around in the + padding code. + +------------------------------------------------------------------- New: ---- opus-fix-out-of-bounds-read-issue-with-the-padding-handling.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ opus.spec ++++++ --- /var/tmp/diff_new_pack.1fNQgk/_old 2013-01-14 09:44:13.000000000 +0100 +++ /var/tmp/diff_new_pack.1fNQgk/_new 2013-01-14 09:44:13.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package opus # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2012 Pascal Bleser <[email protected]> # # All modifications and additions to the file contributed by third parties @@ -26,6 +26,8 @@ Group: System/Libraries Source: http://downloads.xiph.org/releases/opus/opus-%{version}.tar.gz Source99: baselibs.conf +# PATCH-FIX-UPSTREAM opus-fix-out-of-bounds-read-issue-with-the-padding-handling.patch [email protected] -- Fixes an out-of-bounds read issue with the padding handling code +Patch0: opus-fix-out-of-bounds-read-issue-with-the-padding-handling.patch Url: http://opus-codec.org/ BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: libtool 
@@ -68,6 +70,7 @@ %prep %setup -q +%patch0 -p1 %build %configure \ ++++++ opus-fix-out-of-bounds-read-issue-with-the-padding-handling.patch ++++++ X-Git-Url: https://git.xiph.org/?p=opus.git;a=blobdiff_plain;f=src%2Fopus_decoder.c;h=0be6730d133c417fd87620b774029986dcee6efb;hp=167e4e4891e66dce7a65a6ca761fb58fb190267a;hb=9345aaa5ca1c2fb7d62981b2a538e0ce20612c38;hpb=b05aa1dd763fe238c6e928385664e86bd66118e7 diff --git a/src/opus_decoder.c b/src/opus_decoder.c index 167e4e4..0be6730 100644 --- a/src/opus_decoder.c +++ b/src/opus_decoder.c @@ -641,16 +641,14 @@ static int opus_packet_parse_impl(const unsigned char *data, opus_int32 len, /* Padding flag is bit 6 */ if (ch&0x40) { - int padding=0; int p; do { if (len<=0) return OPUS_INVALID_PACKET; p = *data++; len--; - padding += p==255 ? 254: p; + len -= p==255 ? 254: p; } while (p==255); - len -= padding; } if (len<0) return OPUS_INVALID_PACKET; -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
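
Review bot: the opus.changes entry and the PATCH-FIX-UPSTREAM comment above `Patch0:` in opus.spec identify this security fix only by the patch file name, with no bug or advisory reference and no upstream commit id. The patch header's X-Git-Url already carries the upstream commit (hb=9345aaa5ca1c2fb7d62981b2a538e0ce20612c38); suggest citing that id in the changelog entry, plus the tracking bug reference if one exists, so that anyone auditing the package can confirm which upstream change was backported and when it can be dropped on the next version update.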
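
Review bot: in the opus_decoder.c hunk (padding branch of opus_packet_parse_impl), the new `len -= p==255 ? 254: p;` has no comment saying why the subtraction has to stay inside the loop, and that placement is the entire fix. The removed `int padding` accumulator was only applied to `len` after the loop, so nothing bounded its growth while the loop ran; subtracting per iteration lets the existing `if (len<=0)` check at the top of the loop and the `if (len<0)` check after the block reject the packet as soon as the declared padding exceeds the bytes that remain. Suggest a one-line comment to that effect above the subtraction so a later cleanup does not reintroduce the accumulator, and a decoder test that feeds a packet whose declared padding is larger than the remaining length and expects OPUS_INVALID_PACKET.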
