Mageia Bugzilla – Attachment 14204 Details for Bug 32608: audiofile needs two other patches for CVE-2019-13147
[patch] 0014-Partial-fix-of-CVE-2019-13147.patch (text/plain), 2.23 KB, created by Philippe Didier on 2023-12-09 15:39:48 CET
From: =?utf-8?q?Bastien_Roucari=C3=A8s?= <rouca@debian.org> Date: Sat, 11 Nov 2023 17:42:03 +0000 Subject: Partial fix of CVE-2019-13147 This fix the symptom do not allow to allocate negative memory: ==129695==WARNING: AddressSanitizer failed to allocate 0xffffffffc2c00000 bytes ==129695==AddressSanitizer's allocator is terminating the process instead of returning 0 ==129695==If you don't like this behavior set allocator_may_return_null=1 ==129695==AddressSanitizer CHECK failed: ../../../../src/libsanitizer/sanitizer_common/sanitizer_allocator.cc:218 "((0)) != (0)" (0x0, 0x0) #0 0x7f48c8503c02 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xe9c02) #1 0x7f48c8522595 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x108595) #2 0x7f48c8509342 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xef342) #3 0x7f48c8441e46 (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x27e46) #4 0x7f48c84f8b1a in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb1a) #5 0x558dc209af68 in copyaudiodata /home/tim/audiofile-santi/sfcommands/sfconvert.c:327 #6 0x558dc209a620 in main /home/tim/audiofile-santi/sfcommands/sfconvert.c:248 #7 0x7f48c7d38b96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96) #8 0x558dc209ac79 in _start (/home/tim/audiofile-santi/sfcommands/.libs/sfconvert+0x1c79) If negative bail out bug: https://github.com/mpruett/audiofile/issues/54 forwarded: https://github.com/mpruett/audiofile/issues/54 bug-debian-security: https://security-tracker.debian.org/tracker/CVE-2019-13147 bug-debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931343 --- sfcommands/sfconvert.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c index 367f7a5..400d485 100644 --- a/sfcommands/sfconvert.c +++ b/sfcommands/sfconvert.c 
@@ -349,7 +349,8 @@ void printversion (void) bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid) { int frameSize = afGetVirtualFrameSize(infile, trackid, 1); - + if(frameSize <= 0) + return false; int kBufferFrameCount = 65536; int bufferSize; while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
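Review bot: The new early return in copyaudiodata, `if(frameSize <= 0) return false;`, fails without any diagnostic, so a file that reports a zero or negative virtual frame size makes the conversion stop with nothing telling the user why. Print a short message to stderr before returning, naming the invalid frame size, so this rejection can be told apart from other failures of the function. On style, write `if (frameSize <= 0)` with a space to match the `while (` two lines below, and keep the blank line that the hunk deletes so the guard stays visually separate from the `kBufferFrameCount` and `bufferSize` declarations. The commit message calls this a partial fix that addresses the symptom; a one-line comment above the guard saying that it only rejects the non-positive size before the `multiplyCheckOverflow` loop, and that the reason `afGetVirtualFrameSize` returns such a value is tracked in the linked upstream issue, would keep later readers from treating CVE-2019-13147 as fully resolved here.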