commit | 4dfd58efe6060397ddbdbb4f7d9b855a547bff4a | |
---|---|---|
author | Judy Hsiao <judyhsiao@google.com> | Tue Jan 21 09:52:39 2020 +0800 |
committer | Commit Bot <commit-bot@chromium.org> | Sat Feb 15 04:43:15 2020 +0000 |
tree | 35ca9bf6ae575e5ca27cba29a76335e6726bf5a2 | |
parent | 462c4896b3134816411b00d86af5e319fb18c97e | |

sox: Fix CVE-2019-13590

Cap the comments size to 1 GB to avoid overflows in subsequent arithmetic.

The missing null check mentioned in the bug report is bogus since lsx_calloc() returns a valid pointer or aborts.

patch from:
https://sourceforge.net/p/sox/code/ci/7b6a889217d62ed7e28188621403cc7542fd1f7e/
https://github.com/gentoo/gentoo/pull/14561

BUG=chromium:1043332
TEST=ebuild and run soxi sox-fmt_56_integer_overflow.mp3. The soxi command should return an error: "premature EOF" rather than giving a core dump.

Change-Id: Ie042165490c49082a8fe4f97796018a1b8c8701f
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/2008978
Tested-by: Judy Hsiao <judyhsiao@chromium.org>
Auto-Submit: Judy Hsiao <judyhsiao@chromium.org>
Commit-Queue: Judy Hsiao <judyhsiao@chromium.org>
Reviewed-by: Cheng-Yi Chiang <cychiang@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>