fix CVE-2020-23903

(cherry picked from commit 390fd1c8aead46df263aaa315f6ca9251add1b8c)
2022-06-06 15:16:29 +08:00 · 2022-06-06 15:16:29 +08:00 · 6e23ef4919
commit 6e23ef4919
parent 89bc3fabcc
2 changed files with 34 additions and 1 deletions
--- a/backport-CVE-2020-23903.patch
+++ b/backport-CVE-2020-23903.patch
@ -0,0 +1,26 @@
+From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
+From: Tristan Matthews <tmatth@videolan.org>
+Date: Mon, 13 Jul 2020 23:25:03 -0400
+Subject: [PATCH] wav_io: guard against invalid channel numbers
+
+Fixes #13
+---
+ src/wav_io.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/wav_io.c b/src/wav_io.c
+index c2e2bc8..4d77cd7 100644
+--- a/src/wav_io.c
+++ b/src/wav_io.c
+@@ -108,7 +108,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
+    stmp = le_short(stmp);
+    *channels = stmp;
+ 
+-   if (stmp>2)
+   if (stmp>2 || stmp<1)
+    {
+       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
+       return -1;
+-- 
+1.8.3.1
+
--- a/speex.spec
+++ b/speex.spec
@ -1,12 +1,13 @@
 Name:		speex
 Version:	1.2.0
-Release:	5
+Release:	6
 Summary:	A Free Codec For Free Speech
 License:	BSD
 URL:		https://www.speex.org/
 Source0:	http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz

 Patch6000: backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
+Patch6001: backport-CVE-2020-23903.patch

 BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp)

@ -69,6 +70,12 @@ This package is the development and  files for speex.
 %{_mandir}/man1/speexdec.1.gz

 %changelog
+* Mon Jun 06 2022 shixuantong<shixuantong@h-partners.com> - 1.2.0-6
+- Type:CVE
+- ID:CVE-2020-23903
+- SUG:NA
+- DESC:fix CVE-2020-23903
+
 * Mon Sep 14 2020 shangyibin<shangyibin1@huawei.com> - 1.2.0-5
 - Type:bugfix
 - ID:NA