[Buildroot] [git commit branch/2022.11.x] package/opusfile: fix CVE-2022-47021
Peter Korsgaard
peter at korsgaard.com
Tue Feb 21 20:32:16 UTC 2023
commit: https://git.buildroot.net/buildroot/commit/?id=3959f94377fd1d36c5779791320bbaee0f383e24
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.11.x
A null pointer dereference issue was discovered in functions op_get_data
and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows
attackers to cause denial of service or other unspecified impacts.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit ae65870e652088dd65ca41d63304893d1d4443a2)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
...e-allocation-failure-from-ogg_sync_buffer.patch | 44 ++++++++++++++++++++++
package/opusfile/opusfile.mk | 3 ++
2 files changed, 47 insertions(+)
diff --git a/package/opusfile/0001-Propagate-allocation-failure-from-ogg_sync_buffer.patch b/package/opusfile/0001-Propagate-allocation-failure-from-ogg_sync_buffer.patch
new file mode 100644
index 0000000000..2ef08502ab
--- /dev/null
+++ b/package/opusfile/0001-Propagate-allocation-failure-from-ogg_sync_buffer.patch
@@ -0,0 +1,44 @@
+From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001
+From: Ralph Giles <giles at thaumas.net>
+Date: Tue, 6 Sep 2022 19:04:31 -0700
+Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer.
+
+Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns
+a null pointer. This allows more graceful recovery by the caller
+in the unlikely event of a fallible ogg_malloc call.
+
+We do check the return value elsewhere in the code, so the new
+checks make the code more consistent.
+
+Thanks to https://github.com/xiph/opusfile/issues/36 for reporting.
+
+Signed-off-by: Timothy B. Terriberry <tterribe at xiph.org>
+Signed-off-by: Mark Harris <mark.hsj at gmail.com>
+
+[Retrieved from:
+https://github.com/xiph/opusfile/commit/0a4cd796df5b030cb866f3f4a5e41a4b92caddf5]
+Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
+---
+ src/opusfile.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/opusfile.c b/src/opusfile.c
+index ca219b2..3c3c81e 100644
+--- a/src/opusfile.c
++++ b/src/opusfile.c
+@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){
+ int nbytes;
+ OP_ASSERT(_nbytes>0);
+ buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes);
++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
+ nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes);
+ OP_ASSERT(nbytes<=_nbytes);
+ if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes);
+@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of,
+ if(_initial_bytes>0){
+ char *buffer;
+ buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
+ memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
+ ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
+ }
diff --git a/package/opusfile/opusfile.mk b/package/opusfile/opusfile.mk
index 72ae82e801..63553a81e7 100644
--- a/package/opusfile/opusfile.mk
+++ b/package/opusfile/opusfile.mk
@@ -11,6 +11,9 @@ OPUSFILE_LICENSE = BSD-3-Clause
OPUSFILE_LICENSE_FILES = COPYING
OPUSFILE_INSTALL_STAGING = YES
+# 0001-Propagate-allocation-failure-from-ogg_sync_buffer.patch
+OPUSFILE_IGNORE_CVES += CVE-2022-47021
+
ifeq ($(BR2_PACKAGE_OPENSSL),y)
OPUSFILE_DEPENDENCIES += openssl
else
More information about the buildroot
mailing list