reinit the tree, so we can have metadata

author: V3n3RiX <venerix@redcorelinux.org> 2017-10-09 18:53:29 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2017-10-09 18:53:29 +0100
commit: 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
tree: ba5f07bf3f9d22d82e54a462313f5d244036c768 /media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
1 files changed, 92 insertions, 0 deletions
diff --git a/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
new file mode 100644
index 000000000000..79859df0274f
--- /dev/null
+++ b/media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch
@@ -0,0 +1,92 @@
+Patches taken as references: 
+https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
+https://trac.xiph.org/attachment/ticket/2212/0001-oggenc-Fix-large-alloca-on-bad-AIFF-input.patch
+To fix bug report:
+http://www.openwall.com/lists/oss-security/2015/08/29/1
+    https://bugs.gentoo.org/show_bug.cgi?id=559170
+https://bugs.gentoo.org/show_bug.cgi?id=537422
+--- oggenc/audio.h
++++ oggenc/audio.h
+@@ -25,7 +25,7 @@
+ 
+ typedef struct {
+     short format;
+-    short channels;
++    unsigned short channels;
+     int samplerate;
+     int bytespersec;
+     short align;
+@@ -44,7 +44,7 @@
+ } wavfile;
+ 
+ typedef struct {
+-    short channels;
++    unsigned short channels;
+     int totalframes;
+     short samplesize;
+     int rate;
+--- oggenc/audio.c	
++++ oggenc/audio.c
+@@ -245,8 +245,8 @@
+ int aiff_open(FILE *in, oe_enc_opt *opt, unsigned char *buf, int buflen)
+ {
+     int aifc; /* AIFC or AIFF? */
+-    unsigned int len;
+-    unsigned char *buffer;
++    unsigned int len,readlen;
++    unsigned char buffer[22];
+     unsigned char buf2[8];
+     aiff_fmt format;
+     aifffile *aiff = malloc(sizeof(aifffile));
+@@ -269,9 +269,9 @@
+         return 0; /* Weird common chunk */
+     }
+
+-    buffer = alloca(len);
+-
+-    if(fread(buffer,1,len,in) < len)
++    readlen = len < sizeof(buffer) ? len : sizeof(buffer);
++    if(fread(buffer,1,readlen,in) < readlen ||
++        (len > readlen && !seek_forward(in, len-readlen)))
+     {
+         fprintf(stderr, _("Warning: Unexpected EOF in reading AIFF header\n"));
+         return 0;
+@@ -277,11 +277,18 @@
+         return 0;
+     }
+ 
+-    format.channels = READ_U16_BE(buffer);
++    format.channels = (short)READ_U16_BE(buffer);
+     format.totalframes = READ_U32_BE(buffer+2);
+     format.samplesize = READ_U16_BE(buffer+6);
+     format.rate = (int)read_IEEE80(buffer+8);
+ 
++    if(format.channels <=0)
++    {
++    	fprintf(stderr, _("ERROR: Invalid channel count in AIFF header\n"));
++	return 0;
++
++    }
++
+     aiff->bigendian = 1;
+ 
+     if(aifc)
+@@ -449,11 +449,17 @@
+     }
+
+     format.format =      READ_U16_LE(buf);
+-    format.channels =    READ_U16_LE(buf+2);
++    format.channels =    (short)READ_U16_LE(buf+2);
+     format.samplerate =  READ_U32_LE(buf+4);
+     format.bytespersec = READ_U32_LE(buf+8);
+     format.align =       READ_U16_LE(buf+12);
+     format.samplesize =  READ_U16_LE(buf+14);
++
++    if(format.channels == 0)
++    {
++      fprintf(stderr, _("ERROR: Zero channels in WAV header\n"));
++      return 0;
++    }
+
+     if(format.format == -2) /* WAVE_FORMAT_EXTENSIBLE */
+     {
author	V3n3RiX <venerix@redcorelinux.org>	2017-10-09 18:53:29 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2017-10-09 18:53:29 +0100
commit	4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
tree	ba5f07bf3f9d22d82e54a462313f5d244036c768 /media-sound/vorbis-tools/files/vorbis-tools-1.4.0-CVE-2014-9638.patch