MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-27 12:01:38 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

opusfile: patch CVE-2022-47021

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-47021

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Ankur Tyagi 2026-01-10 12:43:46 +13:00 committed by Anuj Mittal
parent 23edbe268c
commit 3d4aef2b2d
No known key found for this signature in database
GPG Key ID: 4340AEFE69F5085C
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
meta-multimedia/recipes-multimedia/opusfile/opusfile/CVE-2022-47021.patch Normal file
View File

@ -0,0 +1,45 @@
From 84392e8ce385707de855865dd16d586f9331f2e5 Mon Sep 17 00:00:00 2001
From: Ralph Giles <giles@thaumas.net>
Date: Tue, 6 Sep 2022 19:04:31 -0700
Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer.
Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns
a null pointer. This allows more graceful recovery by the caller
in the unlikely event of a fallible ogg_malloc call.
We do check the return value elsewhere in the code, so the new
checks make the code more consistent.
Thanks to https://github.com/xiph/opusfile/issues/36 for reporting.
Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
Signed-off-by: Mark Harris <mark.hsj@gmail.com>
CVE: CVE-2022-47021
Upstream-Status: Backport [https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5]
(cherry picked from commit 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
src/opusfile.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/opusfile.c b/src/opusfile.c
index 642c784..edda2d3 100644
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){
int nbytes;
OP_ASSERT(_nbytes>0);
buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes);
+ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes);
OP_ASSERT(nbytes<=_nbytes);
if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes);
@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of,
if(_initial_bytes>0){
char *buffer;
buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
+ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
}

4
meta-multimedia/recipes-multimedia/opusfile/opusfile_0.12.bb
View File

@ -7,7 +7,9 @@ DEPENDS = "libogg openssl libopus"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://COPYING;md5=6ac22b992dde6a891f8949c3e2da8576"
SRC_URI = "https://downloads.xiph.org/releases/opus/${BP}.tar.gz"
SRC_URI = "https://downloads.xiph.org/releases/opus/${BP}.tar.gz \
file://CVE-2022-47021.patch \
"
SRC_URI[md5sum] = "45e8c62f6cd413395223c82f06bfa8ec"
SRC_URI[sha256sum] = "118d8601c12dd6a44f52423e68ca9083cc9f2bfe72da7a8c1acb22a80ae3550b"