Google Git
Sign in
cos / third_party / overlays / portage-stable / 4dfd58efe6060397ddbdbb4f7d9b855a547bff4a
commit4dfd58efe6060397ddbdbb4f7d9b855a547bff4a[log] [tgz]
authorJudy Hsiao <judyhsiao@google.com>Tue Jan 21 09:52:39 2020 +0800
committerCommit Bot <commit-bot@chromium.org>Sat Feb 15 04:43:15 2020 +0000
tree35ca9bf6ae575e5ca27cba29a76335e6726bf5a2
parent462c4896b3134816411b00d86af5e319fb18c97e [diff]
sox: Fix CVE-2019-13590

Cap the comments size to 1 GB to avoid overflows in subsequent
arithmetic.
The missing null check mentioned in the bug report is bogus since
lsx_calloc() returns a valid pointer or aborts.

patch from:
https://sourceforge.net/p/sox/code/ci/7b6a889217d62ed7e28188621403cc7542fd1f7e/
https://github.com/gentoo/gentoo/pull/14561

BUG=chromium:1043332
TEST=ebuild and run soxi sox-fmt_56_integer_overflow.mp3. The soxi
command should return a error: "premature EOF" rather than giving
a core dump.

Change-Id: Ie042165490c49082a8fe4f97796018a1b8c8701f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/2008978
Tested-by: Judy Hsiao <judyhsiao@chromium.org>
Auto-Submit: Judy Hsiao <judyhsiao@chromium.org>
Commit-Queue: Judy Hsiao <judyhsiao@chromium.org>
Reviewed-by: Cheng-Yi Chiang <cychiang@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
2 files changed
tree: 35ca9bf6ae575e5ca27cba29a76335e6726bf5a2
  1. app-accessibility/
  2. app-admin/
  3. app-arch/
  4. app-benchmarks/
  5. app-cdr/
  6. app-crypt/
  7. app-doc/
  8. app-editors/
  9. app-emacs/
  10. app-emulation/
  11. app-eselect/
  12. app-i18n/
  13. app-misc/
  14. app-mobilephone/
  15. app-office/
  16. app-portage/
  17. app-shells/
  18. app-text/
  19. app-vim/
  20. dev-cpp/
  21. dev-db/
  22. dev-embedded/
  23. dev-haskell/
  24. dev-java/
  25. dev-lang/
  26. dev-libs/
  27. dev-perl/
  28. dev-python/
  29. dev-ruby/
  30. dev-tcltk/
  31. dev-util/
  32. dev-vcs/
  33. eclass/
  34. games-emulation/
  35. games-util/
  36. gnome-base/
  37. gnome-extra/
  38. licenses/
  39. mail-client/
  40. media-fonts/
  41. media-gfx/
  42. media-libs/
  43. media-plugins/
  44. media-sound/
  45. media-video/
  46. metadata/
  47. net-analyzer/
  48. net-dialup/
  49. net-dns/
  50. net-firewall/
  51. net-fs/
  52. net-ftp/
  53. net-libs/
  54. net-misc/
  55. net-nds/
  56. net-print/
  57. net-proxy/
  58. net-wireless/
  59. perl-core/
  60. profiles/
  61. sci-calculators/
  62. sci-geosciences/
  63. sci-libs/
  64. sci-visualization/
  65. sys-apps/
  66. sys-auth/
  67. sys-block/
  68. sys-boot/
  69. sys-cluster/
  70. sys-devel/
  71. sys-firmware/
  72. sys-fs/
  73. sys-kernel/
  74. sys-libs/
  75. sys-power/
  76. sys-process/
  77. virtual/
  78. www-servers/
  79. x11-apps/
  80. x11-base/
  81. x11-libs/
  82. x11-misc/
  83. x11-proto/
  84. OWNERS
  85. OWNERS.general
  86. PRESUBMIT.cfg
  87. README