main/libvorbis: security fix

CVE-2017-14632 CVE-2017-14633
author: dai9ah <dai9ah@protonmail.com> 2018-02-15 23:33:52 +0200
committer: Sören Tempel <soeren+git@soeren-tempel.net> 2018-02-18 23:27:48 +0100
commit: 40cdf3534fef3e22e6fbce05a34ff18b125d8ea9 (patch)
tree: 2b319e86148fc7c18323dca75cecc3b13c874ed2 /main/libvorbis/CVE-2017-14633.patch
parent: fe5066c55875bf3c0436139ed70a40c784889bae (diff)
download: aports-40cdf3534fef3e22e6fbce05a34ff18b125d8ea9.tar.bz2
aports-40cdf3534fef3e22e6fbce05a34ff18b125d8ea9.tar.xz
1 files changed, 11 insertions, 0 deletions
diff --git a/main/libvorbis/CVE-2017-14633.patch b/main/libvorbis/CVE-2017-14633.patch
new file mode 100644
index 0000000000..76af2652c8
--- /dev/null
+++ b/main/libvorbis/CVE-2017-14633.patch
@@ -0,0 +1,11 @@
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -583,7 +583,7 @@ int vorbis_analysis_headerout(vorbis_dsp
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+ 
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>256){
+     b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
author	dai9ah <dai9ah@protonmail.com>	2018-02-15 23:33:52 +0200
committer	Sören Tempel <soeren+git@soeren-tempel.net>	2018-02-18 23:27:48 +0100
commit	40cdf3534fef3e22e6fbce05a34ff18b125d8ea9 (patch)
tree	2b319e86148fc7c18323dca75cecc3b13c874ed2 /main/libvorbis/CVE-2017-14633.patch
parent	fe5066c55875bf3c0436139ed70a40c784889bae (diff)
download	aports-40cdf3534fef3e22e6fbce05a34ff18b125d8ea9.tar.bz2 aports-40cdf3534fef3e22e6fbce05a34ff18b125d8ea9.tar.xz