diff options
| author |   Sebastian Pipping <sping@gentoo.org> | 2020-03-16 22:04:33 +0100 |
|---|---|---|
| committer | Sebastian Pipping <sping@gentoo.org> | 2020-03-16 22:04:52 +0100 |
| commit | 9dc346fb2bd5debe6bedfc047255438242505d66 (patch) | |
| tree | 0b22dcc0c120fc515165e3a6503b4a20cd0f8edc /media-libs/tremor | |
| parent | dev-python/sphinx: Replace virts with cond deps (diff) | |
| download | gentoo-9dc346fb2bd5debe6bedfc047255438242505d66.tar.gz gentoo-9dc346fb2bd5debe6bedfc047255438242505d66.tar.bz2 gentoo-9dc346fb2bd5debe6bedfc047255438242505d66.zip | |
media-libs/tremor: Fix out-of-bounds write
Bug: https://bugs.gentoo.org/650656
Signed-off-by: Sebastian Pipping <sping@gentoo.org>
Package-Manager: Portage-2.3.92, Repoman-2.3.20
Diffstat (limited to 'media-libs/tremor')
| -rw-r--r-- | media-libs/tremor/files/tremor-0_pre20130223-out-of-bounds-write.patch | 88 | ||||
| -rw-r--r-- | media-libs/tremor/tremor-0_pre20130223-r2.ebuild | 50 |
2 files changed, 138 insertions, 0 deletions
diff --git a/media-libs/tremor/files/tremor-0_pre20130223-out-of-bounds-write.patch b/media-libs/tremor/files/tremor-0_pre20130223-out-of-bounds-write.patch new file mode 100644 index 000000000000..403a89e670a9 --- /dev/null +++ b/media-libs/tremor/files/tremor-0_pre20130223-out-of-bounds-write.patch @@ -0,0 +1,88 @@ +From 562307a4a7082e24553f3d2c55dab397a17c4b4f Mon Sep 17 00:00:00 2001 +From: Thomas Daede <daede003@umn.edu> +Date: Thu, 15 Mar 2018 21:47:09 -0700 +Subject: [PATCH] Prevent out-of-bounds write in codebook decoding. + +Codebooks that are not an exact divisor of the partition size are now +truncated to fit within the partition. +--- + codebook.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/codebook.c b/codebook.c +index f8b7983..1e1ae8a 100644 +--- a/codebook.c ++++ b/codebook.c +@@ -258,7 +258,7 @@ long vorbis_book_decodevs_add(codebook *book,ogg_int32_t *a, + t[i] = book->valuelist+entry[i]*book->dim; + } + for(i=0,o=0;i<book->dim;i++,o+=step) +- for (j=0;j<step;j++) ++ for (j=0;o+j<n && j<step;j++) + a[o+j]+=t[j][i]>>shift; + }else{ + for (i = 0; i < step; i++) { +@@ -267,7 +267,7 @@ long vorbis_book_decodevs_add(codebook *book,ogg_int32_t *a, + t[i] = book->valuelist+entry[i]*book->dim; + } + for(i=0,o=0;i<book->dim;i++,o+=step) +- for (j=0;j<step;j++) ++ for (j=0;o+j<n && j<step;j++) + a[o+j]+=t[j][i]<<-shift; + } + } +@@ -287,7 +287,7 @@ long vorbis_book_decodev_add(codebook *book,ogg_int32_t *a, + entry = decode_packed_entry_number(book,b); + if(entry==-1)return(-1); + t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;) ++ for (j=0;i<n && j<book->dim;) + a[i++]+=t[j++]>>shift; + } + }else{ +@@ -295,7 +295,7 @@ long vorbis_book_decodev_add(codebook *book,ogg_int32_t *a, + entry = decode_packed_entry_number(book,b); + if(entry==-1)return(-1); + t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;) ++ for (j=0;i<n && j<book->dim;) + a[i++]+=t[j++]<<-shift; + } + } +@@ -352,15 +352,15 @@ long vorbis_book_decodevv_add(codebook *book,ogg_int32_t **a,\ + long i,j,entry; + int chptr=0; + int shift=point-book->binarypoint; +- ++ int m=offset+n; + if(shift>=0){ + +- for(i=offset;i<offset+n;){ ++ for(i=offset;i<m;){ + entry = decode_packed_entry_number(book,b); + if(entry==-1)return(-1); + { + const ogg_int32_t *t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;j++){ ++ for (j=0;i<m && j<book->dim;j++){ + a[chptr++][i]+=t[j]>>shift; + if(chptr==ch){ + chptr=0; +@@ -371,12 +371,12 @@ long vorbis_book_decodevv_add(codebook *book,ogg_int32_t **a,\ + } + }else{ + +- for(i=offset;i<offset+n;){ ++ for(i=offset;i<m;){ + entry = decode_packed_entry_number(book,b); + if(entry==-1)return(-1); + { + const ogg_int32_t *t = book->valuelist+entry*book->dim; +- for (j=0;j<book->dim;j++){ ++ for (j=0;i<m && j<book->dim;j++){ + a[chptr++][i]+=t[j]<<-shift; + if(chptr==ch){ + chptr=0; +-- +2.11.0 + diff --git a/media-libs/tremor/tremor-0_pre20130223-r2.ebuild b/media-libs/tremor/tremor-0_pre20130223-r2.ebuild new file mode 100644 index 000000000000..a316b2867b7d --- /dev/null +++ b/media-libs/tremor/tremor-0_pre20130223-r2.ebuild @@ -0,0 +1,50 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=5 + +# svn export http://svn.xiph.org/trunk/Tremor tremor-${PV} + +inherit autotools eutils ltprune multilib-minimal + +DESCRIPTION="A fixed-point version of the Ogg Vorbis decoder (also known as libvorbisidec)" +HOMEPAGE="https://wiki.xiph.org/Tremor" +SRC_URI="https://dev.gentoo.org/~ssuominen/${P}.tar.xz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~ppc ~ppc64 ~sparc ~x86" +IUSE="low-accuracy static-libs" + +RDEPEND=">=media-libs/libogg-1.3.0:=[${MULTILIB_USEDEP}]" +DEPEND="${RDEPEND} + virtual/pkgconfig" + +DOCS=( "CHANGELOG" "README" ) + +PATCHES=( + "${FILESDIR}"/${P}-out-of-bounds-write.patch +) + +src_prepare() { + epatch "${PATCHES[@]}" + + sed -i \ + -e '/CFLAGS/s:-O2::' \ + -e 's:AM_CONFIG_HEADER:AC_CONFIG_HEADERS:' \ + configure.in || die + + eautoreconf +} + +multilib_src_configure() { + ECONF_SOURCE="${S}" econf \ + $(use_enable static-libs static) \ + $(use_enable low-accuracy) +} + +multilib_src_install_all() { + einstalldocs + dohtml -r doc/* + prune_libtool_files +} |