Details: https://nvd.nist.gov/vuln/detail/CVE-2019-8354
Pick the patch that was identified by Debian[1] as the solution. [1]: https://security-tracker.debian.org/tracker/CVE-2019-8354 Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../sox/sox/CVE-2019-8354.patch | 29 +++++++++++++++++++ .../recipes-multimedia/sox/sox_14.4.2.bb | 1 + 2 files changed, 30 insertions(+) create mode 100644 meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch diff --git a/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch new file mode 100644 index 0000000000..c45917c1c9 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/sox/sox/CVE-2019-8354.patch @@ -0,0 +1,29 @@ +From 5066f093b08b4033f59ea6d99001f059e919239b Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <[email protected]> +Date: Wed, 24 Apr 2019 14:57:34 +0100 +Subject: [PATCH] fix possible buffer size overflow in lsx_make_lpf() + (CVE-2019-8354) + +The multiplication in the size argument malloc() might overflow, +resulting in a small buffer being allocated. Use calloc() instead. + +CVE: CVE-2019-8354 +Upstream-Status: Backport [https://github.com/mansr/sox/commit/f70911261a84333b077c29908e1242f69d7439eb] +Signed-off-by: Gyorgy Sarvari <[email protected]> +--- + src/effects_i_dsp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/effects_i_dsp.c b/src/effects_i_dsp.c +index a979b50..e32dfa0 100644 +--- a/src/effects_i_dsp.c ++++ b/src/effects_i_dsp.c +@@ -357,7 +357,7 @@ double * lsx_make_lpf(int num_taps, double Fc, double beta, double rho, + double scale, sox_bool dc_norm) + { + int i, m = num_taps - 1; +- double * h = malloc(num_taps * sizeof(*h)), sum = 0; ++ double * h = calloc(num_taps, sizeof(*h)), sum = 0; + double mult = scale / lsx_bessel_I_0(beta), mult1 = 1 / (.5 * m + rho); + assert(Fc >= 0 && Fc <= 1); + lsx_debug("make_lpf(n=%i Fc=%.7g β=%g ρ=%g dc-norm=%i scale=%g)", num_taps, Fc, beta, rho, dc_norm, scale); diff --git a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb index 5b47382334..24acd882fc 100644 --- a/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb +++ b/meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb @@ -39,6 +39,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/sox/sox-${PV}.tar.gz \ file://CVE-2017-15642.patch \ file://CVE-2017-18189.patch \ file://CVE-2019-13590.patch \ + file://CVE-2019-8354.patch \ " SRC_URI[md5sum] = "d04fba2d9245e661f245de0577f48a33" SRC_URI[sha256sum] = "b45f598643ffbd8e363ff24d61166ccec4836fea6d3888881b8df53e3bb55f6c"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123888): https://lists.openembedded.org/g/openembedded-devel/message/123888 Mute This Topic: https://lists.openembedded.org/mt/117467449/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
