FreeBSD Bugzilla – Attachment 160878 Details for Bug 202941
audio/vorbis-tools: buffer overflow issue with invalid aiff files (CVE-2015-6749)
[patch] Start of a patch
vorbis-tools-1.4.0_9,3.patch (text/plain), 2.29 KB, created by Jason Unovitch on 2015-09-09 20:04:38 UTC
>Index: Makefile >=================================================================== >--- Makefile (revision 396504) >+++ Makefile (working copy) >@@ -3,7 +3,7 @@ > > PORTNAME= vorbis-tools > PORTVERSION= 1.4.0 >-PORTREVISION= 8 >+PORTREVISION= 9 > PORTEPOCH= 3 > CATEGORIES= audio > MASTER_SITES= http://downloads.xiph.org/releases/vorbis/ >Index: files/patch-oggenv__audio.c >=================================================================== >--- files/patch-oggenv__audio.c (revision 0) >+++ files/patch-oggenv__audio.c (working copy) 
>@@ -0,0 +1,44 @@ >+Original source: >+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch >+ >+From 04815d3e1bfae3a6cdfb2c25358a5a72b61299f7 Mon Sep 17 00:00:00 2001 >+From: Mark Harris <mark.hsj@gmail.com> >+Date: Sun, 30 Aug 2015 05:54:46 -0700 >+Subject: [PATCH] oggenc: Fix large alloca on bad AIFF input >+ >+Fixes #2212 >+--- >+ oggenc/audio.c | 10 +++++----- >+ 1 file changed, 5 insertions(+), 5 deletions(-) >+ >+diff --git a/oggenc/audio.c b/oggenc/audio.c >+index 477da8c..4921fb9 100644 >+--- oggenc/audio.c >++++ oggenc/audio.c >+@@ -245,8 +245,8 @@ static int aiff_permute_matrix[6][6] = >+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen) >+ { >+ int aifc; /* AIFC or AIFF? */ >+- unsigned int len; >+- unsigned char *buffer; >++ unsigned int len, readlen; >++ unsigned char buffer[22]; >+ unsigned char buf2[8]; >+ aiff_fmt format; >+ aifffile *aiff = malloc(sizeof(aifffile)); >+@@ -269,9 +269,9 @@ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen) >+ return 0; /* Weird common chunk */ >+ } >+ >+- buffer = alloca(len); >+- >+- if(fread(buffer,1,len,in) < len) >++ readlen = len < sizeof(buffer) ? len : sizeof(buffer); >++ if(fread(buffer,1,readlen,in) < readlen || >++ (len > readlen && !seek_forward(in, len-readlen))) >+ { >+ fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n")); >+ return 0; >+-- >+2.5.0 >+ > >Property changes on: files/patch-oggenv__audio.c >___________________________________________________________________ >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property
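Review bot: The new file is added as files/patch-oggenv__audio.c, but the diff it carries patches oggenc/audio.c, so "oggenv" looks like a typo. Rename it to files/patch-oggenc__audio.c so the patch file name matches the source path it modifies.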
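Review bot: In the declarations hunk of aiff_open (@@ -245), "unsigned char buffer[22];" introduces a bare 22 with no comment saying which header fields that size is meant to cover. A short comment or a named constant would make the bound reviewable. Because the following hunk fills only the first readlen bytes of this array, every later read from buffer has to stay below the number of bytes actually read. The only length check visible in the context is the "Weird common chunk" return, so please confirm that the checks outside this hunk cover each offset used; otherwise uninitialized stack bytes would be parsed as header fields.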
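Review bot: In the read hunk (@@ -269), both "return 0;" paths shown leave aiff_open without freeing the aiff allocated by "malloc(sizeof(aifffile))" in the declarations, and that malloc result is not checked before use. This predates the change, but since the patch is about malformed input reaching exactly these exits, it would be worth freeing aiff before returning. Separately, a failed seek_forward(in, len-readlen) is now reported with the same "Unexpected EOF in reading AIFF header" warning as a short fread; that is acceptable if seek_forward only fails on end of file, but the message is misleading if it can fail for another reason.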