!8 [sync] PR-5: fix CVE-2020-23903

From: @openeuler-sync-bot Reviewed-by: @xiezhipeng1 Signed-off-by: @xiezhipeng1
2022-06-07 01:44:53 +00:00 · 2022-06-07 01:44:53 +00:00 · bd42e49890
commit bd42e49890
parent 89bc3fabcc 6e23ef4919
2 changed files with 34 additions and 1 deletions
--- a/backport-CVE-2020-23903.patch
+++ b/backport-CVE-2020-23903.patch
@ -0,0 +1,26 @@
 From 870ff845b32f314aec0036641ffe18aba4916887 Mon Sep 17 00:00:00 2001
 From: Tristan Matthews <tmatth@videolan.org>
 Date: Mon, 13 Jul 2020 23:25:03 -0400
 Subject: [PATCH] wav_io: guard against invalid channel numbers
 Fixes #13
 ---
 src/wav_io.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/wav_io.c b/src/wav_io.c
 index c2e2bc8..4d77cd7 100644
 --- a/src/wav_io.c
 +++ b/src/wav_io.c
@@ -108,7 +108,7 @@ int read_wav_header(FILE *file, int *rate, int *channels, int *format, spx_int32
    stmp = le_short(stmp);
    *channels = stmp;
 -   if (stmp>2)
 +   if (stmp>2 || stmp<1)
    {
       fprintf (stderr, "Only mono and (intensity) stereo supported\n");
       return -1;
 -- 
 1.8.3.1
--- a/speex.spec
+++ b/speex.spec
@ -1,12 +1,13 @@
 Name:		speex
 Version:	1.2.0
-Release:	5
+Release:	6
 Summary:	A Free Codec For Free Speech
 License:	BSD
 URL:		https://www.speex.org/
 Source0:	http://downloads.us.xiph.org/releases/speex/%{name}-%{version}.tar.gz
 Patch6000: backport-math_approx-use-unsigned-int-for-LCG-pseudorandom-ge.patch
 Patch6001: backport-CVE-2020-23903.patch
 BuildRequires: gcc git pkgconfig(ogg) pkgconfig(speexdsp)
@ -69,6 +70,12 @@ This package is the development and  files for speex.
 %{_mandir}/man1/speexdec.1.gz
 %changelog
 * Mon Jun 06 2022 shixuantong<shixuantong@h-partners.com> - 1.2.0-6
 - Type:CVE
 - ID:CVE-2020-23903
 - SUG:NA
 - DESC:fix CVE-2020-23903
 * Mon Sep 14 2020 shangyibin<shangyibin1@huawei.com> - 1.2.0-5
 - Type:bugfix
 - ID:NA