libsndfile: fix CVE-2014-9756
Fix divide by zero bug (CVE-2014-9756) (From OE-Core rev: f47cf07ab9d00ed7eddc8e867138481f7bd2bb7d) Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
aa07eb161c
commit
6c3f68039d
|
@ -0,0 +1,24 @@
|
|||
src/file_io.c : Prevent potential divide-by-zero.
|
||||
|
||||
Closes: https://github.com/erikd/libsndfile/issues/92
|
||||
|
||||
Upstream-Status: Backport
|
||||
|
||||
Fixes CVE-2014-9756
|
||||
|
||||
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Signed-off-by: Maxin B. John <maxin.john@intel.com>
|
||||
---
|
||||
diff -Naur libsndfile-1.0.25-orig/src/file_io.c libsndfile-1.0.25/src/file_io.c
|
||||
--- libsndfile-1.0.25-orig/src/file_io.c 2011-01-19 12:12:28.000000000 +0200
|
||||
+++ libsndfile-1.0.25/src/file_io.c 2015-11-04 15:02:04.337395618 +0200
|
||||
@@ -358,6 +358,9 @@
|
||||
{ sf_count_t total = 0 ;
|
||||
ssize_t count ;
|
||||
|
||||
+ if (bytes == 0 || items == 0)
|
||||
+ return 0 ;
|
||||
+
|
||||
if (psf->virtual_io)
|
||||
return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
|
||||
|
|
@ -9,6 +9,7 @@ PR = "r2"
|
|||
SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
|
||||
file://0001-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch \
|
||||
file://0001-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch \
|
||||
file://libsndfile-fix-CVE-2014-9756.patch \
|
||||
"
|
||||
|
||||
SRC_URI[md5sum] = "e2b7bb637e01022c7d20f95f9c3990a2"
|
||||
|
|
Loading…
Reference in New Issue