!6 [sync] PR-5: CVE-2020-36430

From: @openeuler-sync-bot
Reviewed-by: @small_leek,@small_leek
Signed-off-by: @small_leek,@small_leek
This commit is contained in:
openeuler-ci-bot 2021-07-30 07:47:41 +00:00 committed by Gitee
commit a6aafe0b83
2 changed files with 47 additions and 2 deletions

CVE-2020-36430.patch Normal file

@ -0,0 +1,40 @@
From 017137471d0043e0321e377ed8da48e45a3ec632 Mon Sep 17 00:00:00 2001
From: Oleg Oshmyan <chortos@inbox.lv>
Date: Tue, 27 Oct 2020 15:46:04 +0200
Subject: [PATCH] decode_font: fix subtraction broken by change to unsigned
type
This caused a one-byte buffer overwrite and an assertion failure.
Regression in commit 910211f1c0078e37546f73e95306724358b89be2.
Discovered by OSS-Fuzz.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26678.
---
libass/ass.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libass/ass.c b/libass/ass.c
index 428a332ff..5be09a7cf 100644
--- a/libass/ass.c
+++ b/libass/ass.c
@@ -857,7 +857,7 @@ static int decode_font(ASS_Track *track)
ass_msg(track->library, MSGL_ERR, "Bad encoded data size");
goto error_decode_font;
}
- buf = malloc(size / 4 * 3 + FFMAX(size % 4 - 1, 0));
+ buf = malloc(size / 4 * 3 + FFMAX(size % 4, 1) - 1);
if (!buf)
goto error_decode_font;
q = buf;
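Review bot: the removed expression `FFMAX(size % 4 - 1, 0)` underflows once `size` is unsigned and `size % 4 == 0`: `size % 4 - 1` wraps to the maximum unsigned value, FFMAX keeps it, and the addition wraps back to one byte less than `size / 4 * 3`, which is the one-byte under-allocation the commit message describes. The new `FFMAX(size % 4, 1) - 1` takes the maximum before subtracting, so it can never go below zero and is the correct form. The same expression is repeated verbatim in the assertion in the next hunk; computing it once into a local of the same type as `size` and using that local for both the `malloc` and the `assert` would keep the two from drifting apart again.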
@@ -871,7 +871,7 @@ static int decode_font(ASS_Track *track)
q = decode_chars(p, q, 3);
}
dsize = q - buf;
- assert(dsize == size / 4 * 3 + FFMAX(size % 4 - 1, 0));
+ assert(dsize == size / 4 * 3 + FFMAX(size % 4, 1) - 1);
if (track->library->extract_fonts) {
ass_add_font(track->library, track->parser_priv->fontname,
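Review bot: the corrected `assert(dsize == ...)` is compiled out under NDEBUG, so in a release build a future mismatch between what `decode_chars` writes and what was allocated would again be a silent heap overwrite rather than an assertion failure; the `malloc` size in the previous hunk, not this assert, is the line that actually bounds the write. Keeping the expected size in one shared variable so the allocation and the check cannot diverge is the safer pattern, with the assert retained as documentation of the invariant.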


@ -1,6 +1,6 @@
Name: libass Name: libass
Version: 0.15.0 Version: 0.15.0
Release: 1 Release: 2
Summary: Portable subtitle renderer for the ASS/SSA subtitle format Summary: Portable subtitle renderer for the ASS/SSA subtitle format
License: ISC License: ISC
URL: https://github.com/libass URL: https://github.com/libass
@ -9,6 +9,8 @@ Source0: https://github.com/libass/libass/releases/download/%{version}/li
BuildRequires: gcc nasm pkgconfig(fontconfig) >= 2.10.92 pkgconfig(freetype2) >= 9.10.3 BuildRequires: gcc nasm pkgconfig(fontconfig) >= 2.10.92 pkgconfig(freetype2) >= 9.10.3
BuildRequires: pkgconfig(fribidi) >= 0.19.0 pkgconfig(harfbuzz) >= 0.9.5 pkgconfig(libpng) >= 1.2.0 BuildRequires: pkgconfig(fribidi) >= 0.19.0 pkgconfig(harfbuzz) >= 0.9.5 pkgconfig(libpng) >= 1.2.0
Patch0: CVE-2020-36430.patch
%description %description
libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha)
subtitle format. It is mostly compatible with VSFilter. subtitle format. It is mostly compatible with VSFilter.
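Review bot: `Patch0: CVE-2020-36430.patch` gives no pointer to the patch's origin; the patch header identifies upstream commit 017137471d0043e0321e377ed8da48e45a3ec632 and the two OSS-Fuzz issue URLs it fixes, and a comment line above `Patch0` citing that commit makes the backport easier to verify and to drop at the next version rebase.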
@ -24,7 +26,7 @@ The package contains libraries and header files for developing of libass applica
%package_help %package_help
%prep %prep
%autosetup %autosetup -p1
%build %build
%configure %configure
@ -55,6 +57,9 @@ make check
%doc Changelog %doc Changelog
%changelog %changelog
* Thu Jul 29 2021 houyingchao <houyingchao@huawei.com> - 0.15.0-2
- Fix CVE-2020-36430
* Fri Feb 5 2021 zhanghua <zhanghua40@huawei.com> - 0.15.0-1 * Fri Feb 5 2021 zhanghua <zhanghua40@huawei.com> - 0.15.0-1
- update to 0.15.0 to fix CVE-2020-26682 - update to 0.15.0 to fix CVE-2020-26682