!4 fix CVE-2014-9640

From: @wang_yue111 Reviewed-by: @wangxiao65,@small_leek Signed-off-by: @small_leek
2021-01-11 15:59:56 +08:00 · 2021-01-11 15:59:56 +08:00 · defa660051
commit defa660051
parent 5ad332ebd4 e5b8c52a01
2 changed files with 47 additions and 1 deletions
--- a/CVE-2014-9640.patch
+++ b/CVE-2014-9640.patch
@ -0,0 +1,42 @@
+From af4a9502aa73c358f331ecc038e1e11375898a32 Mon Sep 17 00:00:00 2001
+Date: Mon, 11 Jan 2021 11:51:23 +0800
+Subject: [PATCH] fix CVE-2014-9640
+
+diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c
+index 323dedb..4616506 100644
+--- a/oggenc/oggenc.c
+++ b/oggenc/oggenc.c
+@@ -97,6 +97,8 @@ int main(int argc, char **argv)
+               .3,-1,
+               0,0,0.f,
+               0, 0, 0, 0, 0};
+    input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+      N_("RAW file reader")};
+ 
+     int i;
+ 
+@@ -239,8 +241,6 @@ int main(int argc, char **argv)
+ 
+         if(opt.rawmode)
+         {
+-            static input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+-                N_("RAW file reader")};
+ 
+             enc_opts.rate=opt.raw_samplerate;
+             enc_opts.channels=opt.raw_channels;
+diff --git a/oggenc/skeleton.h b/oggenc/skeleton.h
+index cf87dc2..50b070f 100644
+--- a/oggenc/skeleton.h
+++ b/oggenc/skeleton.h
+@@ -41,7 +41,7 @@ typedef struct {
+     ogg_int64_t granule_rate_d;                            /* granule rate denominator */
+     ogg_int64_t start_granule;                             /* start granule value */
+     ogg_uint32_t preroll;                                   /* preroll */
+-    unsigned char granule_shift; // a 8-bit field           /* 1 byte value holding the granule shift */
+    unsigned char granule_shift;                            /* 1 byte value holding the granule shift */
+     char *message_header_fields;                            /* holds all the message header fields */
+     /* current total size of the message header fields, for realloc purpose, initially zero */
+     ogg_uint32_t current_header_size;
+-- 
+2.23.0
+
--- a/vorbis-tools.spec
+++ b/vorbis-tools.spec
@ -1,7 +1,7 @@
 Name:		vorbis-tools
 Summary:	Several Ogg Vorbis Tools
 Version:	1.4.0
-Release:	30
+Release:	31
 Epoch:		1
 License:	GPLv2
 URL:		http://www.xiph.org/
@ -14,6 +14,7 @@ Patch3:		vorbis-tools-1.4.0-bz1116650.patch
 Patch4:		vorbis-tools-1.4.0-bz1185558.patch
 Patch5:		vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
 Patch6:		vorbis-tools-1.4.0-CVE-2015-6749.patch
+Patch7:		CVE-2014-9640.patch

 BuildRequires:	flac-devel gettext gcc libao-devel libcurl-devel libvorbis-devel speex-devel

@ -54,5 +55,8 @@ export CFLAGS="$RPM_OPT_FLAGS -Wno-error=format-security"
 %exclude %{_docdir}/%{name}*

 %changelog
+* Mon Jan 11 2021 wangyue<wangyue92@huawei.com> - 1:1.4.0-31
+- fix CVE-2014-9640
+
 * Tue Nov 19 2019 caomeng<caomeng5@huawei.com> - 1:1.4.0-30
 - Package init