From: Peter Marko <[email protected]> This patch is mentioned in [1] and [2].
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-47021 [2] https://github.com/xiph/opusfile/issues/36 Signed-off-by: Peter Marko <[email protected]> --- .../opusfile/opusfile/CVE-2022-47021.patch | 44 +++++++++++++++++++ .../opusfile/opusfile_0.12.bb | 2 + 2 files changed, 46 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch diff --git a/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch b/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch new file mode 100644 index 0000000000..48a7cab3f5 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch @@ -0,0 +1,44 @@ +From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001 +From: Ralph Giles <[email protected]> +Date: Tue, 6 Sep 2022 19:04:31 -0700 +Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer. + +Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns +a null pointer. This allows more graceful recovery by the caller +in the unlikely event of a fallible ogg_malloc call. + +We do check the return value elsewhere in the code, so the new +checks make the code more consistent. + +Thanks to https://github.com/xiph/opusfile/issues/36 for reporting. + +Signed-off-by: Timothy B. Terriberry <[email protected]> +Signed-off-by: Mark Harris <[email protected]> + +CVE: CVE-2022-47021 +Upstream-Status: Backport [https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5] +Signed-off-by: Peter Marko <[email protected]> +--- + src/opusfile.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/opusfile.c b/src/opusfile.c +index ca219b2..3c3c81e 100644 +--- a/src/opusfile.c ++++ b/src/opusfile.c +@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){ + int nbytes; + OP_ASSERT(_nbytes>0); + buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes); + OP_ASSERT(nbytes<=_nbytes); + if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes); +@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of, + if(_initial_bytes>0){ + char *buffer; + buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); + ogg_sync_wrote(&_of->oy,(long)_initial_bytes); + } diff --git a/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb b/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb index c775cef5a1..9e1d80e8dd 100644 --- a/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb +++ b/meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb @@ -11,4 +11,6 @@ SRC_URI = "https://downloads.xiph.org/releases/opus/${BP}.tar.gz"; SRC_URI[md5sum] = "45e8c62f6cd413395223c82f06bfa8ec" SRC_URI[sha256sum] = "118d8601c12dd6a44f52423e68ca9083cc9f2bfe72da7a8c1acb22a80ae3550b" +SRC_URI += "file://CVE-2022-47021.patch" + inherit autotools pkgconfig -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#114546): https://lists.openembedded.org/g/openembedded-devel/message/114546 Mute This Topic: https://lists.openembedded.org/mt/110271255/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
