audiofile: patch CVE-2019-13147 and CVE-2022-24599

Details: https://nvd.nist.gov/vuln/detail/CVE-2019-13147 https://nvd.nist.gov/vuln/detail/CVE-2022-24599 These patches are used by opensuse to mitigate the corresponding vulnerabulities. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-14 22:35:25 +01:00 · 2025-11-14 09:24:46 +01:00 · 2025-11-14 09:24:46 +01:00 · 8ef997336a
commit 8ef997336a
parent 513e5f1a66
3 changed files with 83 additions and 0 deletions
--- a/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
+++ b/meta-oe/recipes-multimedia/audiofile/audiofile_0.3.6.bb
@ -18,6 +18,8 @@ SRC_URI = " \
    file://0006-Check-for-multiplication-overflow-in-sfconvert.patch \
    file://0007-Actually-fail-when-error-occurs-in-parseFormat.patch \
    file://0008-Check-for-multiplication-overflow-in-MSADPCM-decodeS.patch \
+    file://CVE-2019-13147.patch \
+    file://CVE-2022-24599.patch \
 "
 SRC_URI[sha256sum] = "ea2449ad3f201ec590d811db9da6d02ffc5e87a677d06b92ab15363d8cb59782"

--- a/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch
+++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2019-13147.patch
@ -0,0 +1,31 @@
+This patch is taken from opensuse: 
+https://build.opensuse.org/package/show/multimedia:libs/audiofile
+
+CVE: CVE-2019-13147
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+
+diff --unified --recursive --text --new-file --color audiofile-0.3.6/libaudiofile/NeXT.cpp audiofile-0.3.6.new/libaudiofile/NeXT.cpp
+--- audiofile-0.3.6/libaudiofile/NeXT.cpp	2013-03-06 13:30:03.000000000 +0800
+++ audiofile-0.3.6.new/libaudiofile/NeXT.cpp	2025-05-14 10:45:11.685700984 +0800
+@@ -32,6 +32,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+ #include <string.h>
+#include <limits.h>
+ 
+ #include "File.h"
+ #include "Setup.h"
+@@ -122,6 +123,12 @@
+ 		_af_error(AF_BAD_CHANNELS, "invalid file with 0 channels");
+ 		return AF_FAIL;
+ 	}
+	/* avoid overflow of INT for double size rate */
+	if (channelCount > (INT32_MAX / (sizeof(double))))
+	{
+		_af_error(AF_BAD_CHANNELS, "invalid file with %i channels", channelCount);
+		return AF_FAIL;
+	}
+ 
+ 	Track *track = allocateTrack();
+ 	if (!track)
--- a/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch
+++ b/meta-oe/recipes-multimedia/audiofile/files/CVE-2022-24599.patch
@ -0,0 +1,50 @@
+This patch is taken from opensuse:
+https://build.opensuse.org/package/show/multimedia:libs/audiofile
+
+CVE: CVE-2022-24599
+Upstream-Status: Inactive-Upstream [lastcommit: 2016-Aug-30]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+
+diff --unified --recursive --text --new-file --color audiofile-0.3.6.old/sfcommands/printinfo.c audiofile-0.3.6.new/sfcommands/printinfo.c
+--- audiofile-0.3.6.old/sfcommands/printinfo.c	2013-03-06 13:30:03.000000000 +0800
+++ audiofile-0.3.6.new/sfcommands/printinfo.c	2025-04-30 15:18:24.778177640 +0800
+@@ -37,6 +37,7 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+#include <limits.h>
+ 
+ static char *copyrightstring (AFfilehandle file);
+ 
+@@ -147,7 +148,11 @@
+ 	int		i, misccount;
+ 
+ 	misccount = afGetMiscIDs(file, NULL);
+-	miscids = (int *) malloc(sizeof (int) * misccount);
+	if (!misccount)
+	    return NULL;
+	miscids = (int *)calloc(misccount, sizeof(int));
+	if (!miscids)
+	    return NULL;
+ 	afGetMiscIDs(file, miscids);
+ 
+ 	for (i=0; i<misccount; i++)
+@@ -159,13 +164,16 @@
+ 			If this code executes, the miscellaneous chunk is a
+ 			copyright chunk.
+ 		*/
+-		int datasize = afGetMiscSize(file, miscids[i]);
+-		char *data = (char *) malloc(datasize);
+		size_t datasize = afGetMiscSize(file, miscids[i]);
+		if (datasize >= INT_MAX - 1)
+		    goto error;
+		char *data = (char *)calloc(datasize + 1, sizeof(char));
+ 		afReadMisc(file, miscids[i], data, datasize);
+ 		copyright = data;
+ 		break;
+ 	}
+ 
+error:
+ 	free(miscids);
+ 
+ 	return copyright;