
package/sox: add fix for CVE-2022-31650, CVE-2023-26590

Patch comes from Debian. The CVEs are not reported by pkg-stats
because the NVD database has associated them with the sox_project:sox
vendor/product CPE. This has been reported to NVD:

  https://lore.kernel.org/buildroot/20250517220322.4da9bdb3@windsurf/

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
Thomas Petazzoni 2 bulan lalu
34cb164b7e

+ 63 - 0
package/sox/0009-formats-aiff-reject-implausibly-large-number-of-chan.patch

@@ -0,0 +1,63 @@
+From 452bfd55096e24ff5eb4a5eb491c70125ce05be8 Mon Sep 17 00:00:00 2001
+From: Helmut Grohne <helmut@subdivi.de>
+Date: Sat, 17 May 2025 22:55:32 +0200
+Subject: [PATCH] formats+aiff: reject implausibly large number of channels
+
+Bug: https://sourceforge.net/p/sox/bugs/360/
+Bug-Debian: https://bugs.debian.org/1012516
+
+Upstream: https://sourceforge.net/p/sox/bugs/360/
+Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
+---
+ src/aiff.c      |  5 +++++
+ src/formats_i.c | 10 ++++++++--
+ 2 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/src/aiff.c b/src/aiff.c
+index 3a152c58..6de94f32 100644
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -619,6 +619,11 @@ int lsx_aiffstartwrite(sox_format_t * ft)
+            At 48 kHz, 16 bits stereo, this gives ~3 hours of audio.
+            Sorry, the AIFF format does not provide for an indefinite
+            number of samples. */
++        if (ft->signal.channels >= (0x7f000000 / (ft->encoding.bits_per_sample >> 3)))
++        {
++                lsx_fail_errno(ft, SOX_EOF, "too many channels for AIFF header");
++                return SOX_EOF;
++        }
+         return(aiffwriteheader(ft, (uint64_t) 0x7f000000 / ((ft->encoding.bits_per_sample>>3)*ft->signal.channels)));
+ }
+ 
+diff --git a/src/formats_i.c b/src/formats_i.c
+index 7048040d..6a7c27e3 100644
+--- a/src/formats_i.c
++++ b/src/formats_i.c
+@@ -19,6 +19,7 @@
+  */
+ 
+ #include "sox_i.h"
++#include <limits.h>
+ #include <string.h>
+ #include <sys/stat.h>
+ #include <stdarg.h>
+@@ -60,9 +61,14 @@ int lsx_check_read_params(sox_format_t * ft, unsigned channels,
+   if (ft->seekable)
+     ft->data_start = lsx_tell(ft);
+ 
+-  if (channels && ft->signal.channels && ft->signal.channels != channels)
++  if (channels && ft->signal.channels && ft->signal.channels != channels) {
+     lsx_warn("`%s': overriding number of channels", ft->filename);
+-  else ft->signal.channels = channels;
++  } else if (channels > SHRT_MAX) {
++    lsx_fail_errno(ft, EINVAL, "implausibly large number of channels");
++    return SOX_EOF;
++  } else {
++    ft->signal.channels = channels;
++  }
+ 
+   if (rate && ft->signal.rate && ft->signal.rate != rate)
+     lsx_warn("`%s': overriding sample rate", ft->filename);
+-- 
+2.49.0
+
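Review bot: The guard added at `src/aiff.c` line 622, `if (ft->signal.channels >= (0x7f000000 / (ft->encoding.bits_per_sample >> 3)))`, itself divides by `bits_per_sample >> 3`, so if a sample width below 8 bits can reach lsx_aiffstartwrite the new check traps with the very division-by-zero it is meant to prevent, and a zero channel count still passes the check and reaches the original divisor `(bits_per_sample>>3)*channels`, which is then 0. Whether those values are filtered earlier depends on the body of lsx_aiffstartwrite above the hunk, which is outside this view. Hoisting the byte width and rejecting both degenerate cases explicitly is cheap: `unsigned bps = ft->encoding.bits_per_sample >> 3;` followed by `if (bps == 0 || ft->signal.channels == 0 || ft->signal.channels >= 0x7f000000 / bps)`. In `src/formats_i.c` the new branch passes `EINVAL` to lsx_fail_errno while the patch adds `<limits.h>` but not `<errno.h>`; that compiles only if `sox_i.h` already includes errno.h, which is worth confirming before relying on it.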

+ 5 - 0
package/sox/sox.mk

@@ -74,6 +74,11 @@ SOX_IGNORE_CVES += CVE-2021-23159 CVE-2021-23172 CVE-2023-34318
 # due to the change of CPE ID to libsox_project:libsox in the NVD database
 SOX_IGNORE_CVES += CVE-2021-40426
 
+# 0009-formats-aiff-reject-implausibly-large-number-of-chan.patch
+# This entry is NOT stale, those CVEs are not reported by pkg-stats
+# due to the change of CPE ID to sox_project:sox in the NVD database
+SOX_IGNORE_CVES += CVE-2022-31650 CVE-2023-26590
+
 SOX_CONF_OPTS = \
 	--with-distro="Buildroot" \
 	--disable-stack-protector