poky/meta/recipes-multimedia/speex/speex/CVE-2020-23903.patch - stefanberger/openbmc - Gitiles

 Backport patch to fix CVE-2020-23903.

 CVE: CVE-2020-23903
 Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]

 Signed-off-by: Kai Kang <kai.kang@windriver.com>

 From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
 From: Tristan Matthews <tmatth@videolan.org>
 Date: Mon, 13 Jul 2020 23:25:03 -0400
 Subject: [PATCH] wav_io: guard against invalid channel numbers

 Fixes #13
 ---
  src/wav_io.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)

 diff --git a/src/wav_io.c b/src/wav_io.c
 index b5183015..09d62eb0 100644
 --- a/src/wav_io.c
 +++ b/src/wav_io.c
 @@ -111,7 +111,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
     stmp = le_short(stmp);
     *channels = stmp;

 -   if (stmp>2)
 +   if (stmp>2 || stmp<1)
     {
        fprintf (stderr, "Only mono and (intensity) stereo supported\n");
        return -1;
	Backport patch to fix CVE-2020-23903.

	CVE: CVE-2020-23903
	Upstream-Status: Backport [https://github.com/xiph/speex/commit/870ff84]

	Signed-off-by: Kai Kang <kai.kang@windriver.com>

	From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
	From: Tristan Matthews <tmatth@videolan.org>
	Date: Mon, 13 Jul 2020 23:25:03 -0400
	Subject: [PATCH] wav_io: guard against invalid channel numbers

	Fixes #13
	---
	src/wav_io.c \| 2 +-
	1 file changed, 1 insertion(+), 1 deletion(-)

	diff --git a/src/wav_io.c b/src/wav_io.c
	index b5183015..09d62eb0 100644
	--- a/src/wav_io.c
	+++ b/src/wav_io.c
	@@ -111,7 +111,7 @@ int read_wav_header(FILE file, int rate, int channels, int format, spx_int32
	stmp = le_short(stmp);
	*channels = stmp;

	- if (stmp>2)
	+ if (stmp>2 \|\| stmp<1)
	{
	fprintf (stderr, "Only mono and (intensity) stereo supported\n");
	return -1;