[oe] [meta-oe][kirkstone][PATCH 4/6] audiofile: backport test for CVE-2015-7747

Gyorgy Sarvari via lists.openembedded.org Sat, 15 Nov 2025 05:11:15 -0800

This is a backported patch from opensuse, which contains a testcase
for CVE-2015-7747 (which is already patched in ths recipe, but not
tested explicitly).


Signed-off-by: Gyorgy Sarvari <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 6c98db2449a52de0f9533ab84e31c7a1d2bd7e49)
---
 .../audiofile/audiofile_0.3.6.bb              |   1 +
 .../files/test-for-CVE-2015-7747.patch        | 166 ++++++++++++++++++
 2 files changed, 167 insertions(+)
 create mode 100644 
meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch

diff --git a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb 
b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
index dabc8b66b3..f9683bd0c6 100644
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@@ -19,6 +19,7 @@ SRC_URI = " \
     file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
     file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \
     file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \
+    file://test-for-CVE-2015-7747.patch \
     file://CVE-2019-13147.patch \
     file://CVE-2022-24599.patch \
 "
diff --git 
a/meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch 
b/meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch
new file mode 100644
index 0000000000..a62cc7589b
--- /dev/null
+++ b/meta-oe/recipes-multimedia/audiofile/files/test-for-CVE-2015-7747.patch
@@ -0,0 +1,166 @@
+From 1debf51f3a89d44c0bd46e7bc45c07342087dd7c Mon Sep 17 00:00:00 2001
+From: Fabrizio Gennari <[email protected]>
+Date: Sun, 4 Oct 2015 01:14:00 +0200
+Subject: [PATCH 2/2] Add a test case for conversion of both sample format and
+ number of channels
+
+This patch contains the testcase backport to version 0.3.6.
+Author: Stanislav Brabec <[email protected]>
+
+https://bugzilla.novell.com/show_bug.cgi?id=949399#c7
+
+
+This patch is from opensuse, to verify a CVE fix:
+https://build.opensuse.org/projects/multimedia:libs/packages/audiofile/files/audiofile-CVE-2015-7747.patch:
+
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <[email protected]>
+---
+ test/Makefile.am                    |   2 +
+ test/sixteen-stereo-to-eight-mono.c | 118 ++++++++++++++++++++++++++++++++++++
+ 2 files changed, 120 insertions(+)
+ create mode 100644 test/sixteen-stereo-to-eight-mono.c
+
+diff --git a/test/Makefile.am b/test/Makefile.am
+index 7bbf8e4..d311719 100644
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -27,6 +27,7 @@ TESTS = \
+       VirtualFile \
+       floatto24 \
+       query2 \
++      sixteen-stereo-to-eight-mono \
+       sixteen-to-eight \
+       testchannelmatrix \
+       testdouble \
+@@ -143,6 +144,7 @@ printmarkers_SOURCES = printmarkers.c
+ printmarkers_LDADD = $(LIBAUDIOFILE) -lm
+ 
+ sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp 
TestUtilities.h
++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c 
TestUtilities.cpp TestUtilities.h
+ 
+ testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp 
TestUtilities.h
+ 
+diff --git a/test/sixteen-stereo-to-eight-mono.c 
b/test/sixteen-stereo-to-eight-mono.c
+new file mode 100644
+index 0000000..0f14636
+--- /dev/null
++++ b/test/sixteen-stereo-to-eight-mono.c
+@@ -0,0 +1,117 @@
++/*
++      Audio File Library
++
++      Copyright 2000, Silicon Graphics, Inc.
++
++      This program is free software; you can redistribute it and/or modify
++      it under the terms of the GNU General Public License as published by
++      the Free Software Foundation; either version 2 of the License, or
++      (at your option) any later version.
++
++      This program is distributed in the hope that it will be useful,
++      but WITHOUT ANY WARRANTY; without even the implied warranty of
++      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++      GNU General Public License for more details.
++
++      You should have received a copy of the GNU General Public License along
++      with this program; if not, write to the Free Software Foundation, Inc.,
++      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++*/
++
++/*
++      sixteen-stereo-to-eight-mono.c
++
++      This program tests the conversion from 2-channel 16-bit integers to
++      1-channel 8-bit integers.
++*/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <limits.h>
++
++#include <audiofile.h>
++
++#include "TestUtilities.h"
++
++int main (int argc, char **argv)
++{
++      AFfilehandle file;
++      AFfilesetup setup;
++      int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
++      int8_t frames8[] = {28, 6, -2};
++      int i, frameCount = 3;
++      int8_t byte;
++      AFframecount result;
++
++      setup = afNewFileSetup();
++
++      afInitFileFormat(setup, AF_FILE_WAVE);
++
++      afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
++      afInitChannels(setup, AF_DEFAULT_TRACK, 2);
++
++      char testFileName[PATH_MAX];
++      if (!createTemporaryFile("sixteen-to-eight", testFileName))
++      {
++              fprintf(stderr, "Could not create temporary file.\n");
++              exit(EXIT_FAILURE);
++      }
++
++      file = afOpenFile(testFileName, "w", setup);
++      if (file == AF_NULL_FILEHANDLE)
++      {
++              fprintf(stderr, "could not open file for writing\n");
++              exit(EXIT_FAILURE);
++      }
++
++      afFreeFileSetup(setup);
++
++      afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
++
++      afCloseFile(file);
++
++      file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
++      if (file == AF_NULL_FILEHANDLE)
++      {
++              fprintf(stderr, "could not open file for reading\n");
++              exit(EXIT_FAILURE);
++      }
++
++      afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 
8);
++      afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
++
++      for (i=0; i<frameCount; i++)
++      {
++              /* Read one frame. */
++              result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
++
++              if (result != 1)
++                      break;
++
++              /* Compare the byte read with its precalculated value. */
++              if (memcmp(&byte, &frames8[i], 1) != 0)
++              {
++                      printf("error\n");
++                      printf("expected %d, got %d\n", frames8[i], byte);
++                      exit(EXIT_FAILURE);
++              }
++              else
++              {
++#ifdef DEBUG
++                      printf("got what was expected: %d\n", byte);
++#endif
++              }
++      }
++
++      afCloseFile(file);
++      unlink(testFileName);
++
++      exit(EXIT_SUCCESS);
++}

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#121733): 
https://lists.openembedded.org/g/openembedded-devel/message/121733
Mute This Topic: https://lists.openembedded.org/mt/116306934/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][kirkstone][PATCH 4/6] audiofile: backport test for CVE-2015-7747

Reply via email to