amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: opusfile: Fix CVE-2022-47021 [security-fix].

Browse source 
* gnu/packages/patches/opusfile-CVE-2022-47021.patch: New patch.
* gnu/local.mk (dist_patch_DATA): Register it.
* gnu/packages/xiph.scm (opusfile): Apply it.

Change-Id: I32ce75de721778165da3627df34cad99e6d79630
Signed-off-by: Gabriel Wicki <gabriel@erlikon.ch>
This commit is contained in:
Simeon Prause 2025-09-22 12:33:17 +02:00 committed by Gabriel Wicki
parent 642083da2b
commit 1aa6da547d
No known key found for this signature in database
GPG key ID: CC98E9F04330FD7F
3 changed files with 43 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
gnu/local.mk
View file

@ -1994,6 +1994,7 @@ dist_patch_DATA = \
%D%/packages/patches/openssl-hurd64.patch \
%D%/packages/patches/opentaxsolver-file-browser-fix.patch \
%D%/packages/patches/open-zwave-hidapi.patch \
%D%/packages/patches/opusfile-CVE-2022-47021.patch \
%D%/packages/patches/orangeduck-mpc-fix-pkg-config.patch \
%D%/packages/patches/orbit2-fix-array-allocation-32bit.patch \
%D%/packages/patches/orpheus-cast-errors-and-includes.patch \

40
gnu/packages/patches/opusfile-CVE-2022-47021.patch Normal file
View file

@ -0,0 +1,40 @@
From 0a4cd796df5b030cb866f3f4a5e41a4b92caddf5 Mon Sep 17 00:00:00 2001
From: Ralph Giles <giles@thaumas.net>
Date: Tue, 6 Sep 2022 19:04:31 -0700
Subject: [PATCH] Propagate allocation failure from ogg_sync_buffer.
Instead of segfault, report OP_EFAULT if ogg_sync_buffer returns
a null pointer. This allows more graceful recovery by the caller
in the unlikely event of a fallible ogg_malloc call.
We do check the return value elsewhere in the code, so the new
checks make the code more consistent.
Thanks to https://github.com/xiph/opusfile/issues/36 for reporting.
Signed-off-by: Timothy B. Terriberry <tterribe@xiph.org>
Signed-off-by: Mark Harris <mark.hsj@gmail.com>
---
src/opusfile.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/opusfile.c b/src/opusfile.c
index ca219b2..3c3c81e 100644
--- a/src/opusfile.c
+++ b/src/opusfile.c
@@ -148,6 +148,7 @@ static int op_get_data(OggOpusFile *_of,int _nbytes){
int nbytes;
OP_ASSERT(_nbytes>0);
buffer=(unsigned char *)ogg_sync_buffer(&_of->oy,_nbytes);
+ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
nbytes=(int)(*_of->callbacks.read)(_of->stream,buffer,_nbytes);
OP_ASSERT(nbytes<=_nbytes);
if(OP_LIKELY(nbytes>0))ogg_sync_wrote(&_of->oy,nbytes);
@@ -1527,6 +1528,7 @@ static int op_open1(OggOpusFile *_of,
if(_initial_bytes>0){
char *buffer;
buffer=ogg_sync_buffer(&_of->oy,(long)_initial_bytes);
+ if(OP_UNLIKELY(buffer==NULL))return OP_EFAULT;
memcpy(buffer,_initial_data,_initial_bytes*sizeof(*buffer));
ogg_sync_wrote(&_of->oy,(long)_initial_bytes);
}

3
gnu/packages/xiph.scm
View file

@ -438,7 +438,8 @@ decoding .opus files.")
".tar.gz"))
(sha256
(base32
"02smwc5ah8nb3a67mnkjzqmrzk43j356hgj2a97s9midq40qd38i"))))
"02smwc5ah8nb3a67mnkjzqmrzk43j356hgj2a97s9midq40qd38i"))
(patches (search-patches "opusfile-CVE-2022-47021.patch"))))
(build-system gnu-build-system)
(arguments
'(#:configure-flags '("--disable-static")