From 51a724359874e28841ad91ed995307abca5e4064 Mon Sep 17 00:00:00 2001 From: starlet-dx <15929766099@163.com> Date: Sun, 29 Jan 2023 15:23:10 +0800 Subject: [PATCH] Fix CVE-2022-47021 (cherry picked from commit 848080c5c0d1d78af99165755fdadf9c3e6f7379) --- CVE-2022-47021.patch | 40 ++++++++++++++++++++++++++++++++++++++++ opusfile.spec | 8 ++++++-- 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 CVE-2022-47021.patch diff --git a/CVE-2022-47021.patch b/CVE-2022-47021.patch new file mode 100644 index 0000000..b41ef35 --- /dev/null +++ b/CVE-2022-47021.patch @@ -0,0 +1,40 @@ +From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001 +From: Ralph Giles +Date: Tue, 6 Sep 2022 19:04:31 -0700 +Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer. + +Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns +a null pointer. This allows more graceful recovery by the caller +in the unlikely event of a fallible ogg_malloc call. + +We do check the return value elsewhere in the code, so the new +checks make the code more consistent. + +Thanks to https://github.com/xiph/opusfile/issues/36 for reporting. + +Signed-off-by: Timothy B. Terriberry +Signed-off-by: Mark Harris +--- + src/opusfile.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/opusfile.c b/src/opusfile.c +index ca219b2..3c3c81e 100644 +--- a/src/opusfile.c ++++ b/src/opusfile.c +@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){ + int nbytes; + OP_ASSERT(_nbytes>0); + buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes); + OP_ASSERT(nbytes<=_nbytes); + if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes); +@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of, + if(_initial_bytes>0){ + char *buffer; + buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes); ++ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT; + memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer)); + ogg_sync_wrote(&_of->oy,(long)_initial_bytes); + } diff --git a/opusfile.spec b/opusfile.spec index 9ae332f..8b469f5 100644 --- a/opusfile.spec +++ b/opusfile.spec @@ -1,11 +1,12 @@ Name: opusfile Version: 0.11 -Release: 4 +Release: 5 Summary: A high-level API provides seeking, decode, and playback of Opus streams License: BSD URL: http://www.opus-codec.org/ Source0: http://downloads.xiph.org/releases/opus/%{name}-%{version}.tar.gz Patch0000: 0001-fix-MemorySanitizer-use-of-uninitialized-value.patch +Patch0001: CVE-2022-47021.patch BuildRequires: gcc libogg-devel openssl-devel opus-devel @@ -50,7 +51,10 @@ Development package for opusfile package. %{_libdir}/{libopusfile.so,libopusurl.so} %changelog -* Web 02 Jun 2021 zhaoyao - 0.11-4 +* Sun Jan 29 2023 yaoxin - 0.11-5 +- Fix CVE-2022-47021 + +* Wed Jun 02 2021 zhaoyao - 0.11-4 - fixs faileds: /bin/sh: gcc: command not found. * Thu Dec 03 2020 maminjie - 0.11-3 -- Gitee