diff options
Diffstat (limited to 'community/sox/CVE-2019-8355.patch')
| -rw-r--r-- | community/sox/CVE-2019-8355.patch | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/community/sox/CVE-2019-8355.patch b/community/sox/CVE-2019-8355.patch new file mode 100644 index 0000000000..4dfeb591cf --- /dev/null +++ b/community/sox/CVE-2019-8355.patch @@ -0,0 +1,69 @@ +From f8587e2d50dad72d40453ac1191c539ee9e50381 Mon Sep 17 00:00:00 2001 +From: Mans Rullgard <mans@mansr.com> +Date: Wed, 24 Apr 2019 17:39:45 +0100 +Subject: [PATCH] fix possible overflow in lsx_(re)valloc() size calculation + (CVE-2019-8355) + +--- + src/Makefile.am | 2 +- + src/xmalloc.c | 10 ++++++++++ + src/xmalloc.h | 5 +++-- + 3 files changed, 14 insertions(+), 3 deletions(-) + +diff --git a/src/Makefile.am b/src/Makefile.am +index 42573ec5..d5f6d125 100644 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -95,7 +95,7 @@ libsox_la_LIBADD += @GOMP_LIBS@ + + libsox_la_CFLAGS = @WARN_CFLAGS@ + libsox_la_LDFLAGS = @APP_LDFLAGS@ -version-info @SHLIB_VERSION@ \ +- -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$' ++ -export-symbols-regex '^(sox_.*|lsx_(([cm]|re)alloc.*|check_read_params|(close|open)_dllibrary|(debug(_more|_most)?|fail|report|warn)_impl|eof|error|fail_errno|filelength|find_(enum_(text|value)|file_extension)|flush|getopt(_init)?|lpc10_(create_(de|en)coder_state|(de|en)code)|raw(read|write)|read(_b_buf|buf|chars)|rewind|seeki|sigfigs3p?|strcasecmp|strdup|tell|unreadb|write(b|_b_buf|buf|s)))$$' + + if HAVE_WIN32_LTDL + libsox_la_SOURCES += win32-ltdl.c win32-ltdl.h +diff --git a/src/xmalloc.c b/src/xmalloc.c +index 56fe6944..72c9ea4d 100644 +--- a/src/xmalloc.c ++++ b/src/xmalloc.c +@@ -57,6 +57,16 @@ void *lsx_calloc(size_t n, size_t size) + return lsx_checkptr(calloc(n + !n, size + !size)); + } + ++void *lsx_realloc_array(void *p, size_t n, size_t size) ++{ ++ if (n > (size_t)-1 / size) { ++ lsx_fail("malloc size overflow"); ++ exit(2); ++ } ++ ++ return lsx_realloc(p, n * size); ++} ++ + char *lsx_strdup(const char *s) + { + return lsx_checkptr(strdup(s)); +diff --git a/src/xmalloc.h b/src/xmalloc.h +index 92ac64d9..21ff6630 100644 +--- a/src/xmalloc.h ++++ b/src/xmalloc.h +@@ -25,11 +25,12 @@ + + LSX_RETURN_VALID void *lsx_malloc(size_t size); + LSX_RETURN_VALID void *lsx_calloc(size_t n, size_t size); ++LSX_RETURN_VALID void *lsx_realloc_array(void *p, size_t n, size_t size); + LSX_RETURN_VALID char *lsx_strdup(const char *s); + + #define lsx_Calloc(v,n) v = lsx_calloc(n,sizeof(*(v))) + #define lsx_memdup(p,s) ((p)? memcpy(lsx_malloc(s), p, s) : NULL) +-#define lsx_valloc(v,n) v = lsx_malloc((n)*sizeof(*(v))) +-#define lsx_revalloc(v,n) v = lsx_realloc(v, (n)*sizeof(*(v))) ++#define lsx_valloc(v,n) v = lsx_realloc_array(NULL, n, sizeof(*(v))) ++#define lsx_revalloc(v,n) v = lsx_realloc_array(v, n, sizeof(*(v))) + + #endif +-- +2.22.0 + + |