[SCM] libgig/master: Add patch to fix CVE-2017-12951. (Closes: #877651)
mira-guest at users.alioth.debian.org
mira-guest at users.alioth.debian.org
Fri Oct 13 20:40:22 UTC 2017
The following commit has been merged in the master branch:
commit 5ff664d1f2a1800dfe0e32c477e22ba5c81347f0
Author: Jaromír Mikeš <mira.mikes at seznam.cz>
Date: Fri Oct 13 22:23:22 2017 +0200
Add patch to fix CVE-2017-12951. (Closes: #877651)
diff --git a/debian/patches/CVE-2017-12951.patch b/debian/patches/CVE-2017-12951.patch
new file mode 100644
index 0000000..28ff6f1
--- /dev/null
+++ b/debian/patches/CVE-2017-12951.patch
@@ -0,0 +1,43 @@
+Description: Avoid some crashes
+ https://security-tracker.debian.org/tracker/CVE-2017-12951
+ http://seclists.org/fulldisclosure/2017/Aug/39
+Author: Jaromír Mikeš <mira.mikes at seznam.cz>
+
+Index: libgig/src/gig.cpp
+===================================================================
+--- libgig.orig/src/gig.cpp
++++ libgig/src/gig.cpp
+@@ -2045,6 +2045,33 @@ namespace {
+ // get the corresponding velocity table from the table map or create & calculate that table if it doesn't exist yet
+ double* DimensionRegion::GetVelocityTable(curve_type_t curveType, uint8_t depth, uint8_t scaling)
+ {
++ // sanity check input parameters
++ // (fallback to some default parameters on ill input)
++ switch (curveType) {
++ case curve_type_nonlinear:
++ case curve_type_linear:
++ if (depth > 4) {
++ printf("Warning: Invalid depth (0x%x) for velocity curve type (0x%x).\n", depth, curveType);
++ depth = 0;
++ scaling = 0;
++ }
++ break;
++ case curve_type_special:
++ if (depth > 5) {
++ printf("Warning: Invalid depth (0x%x) for velocity curve type 'special'.\n", depth);
++ depth = 0;
++ scaling = 0;
++ }
++ break;
++ case curve_type_unknown:
++ default:
++ printf("Warning: Unknown velocity curve type (0x%x).\n", curveType);
++ curveType = curve_type_linear;
++ depth = 0;
++ scaling = 0;
++ break;
++ }
++
+ double* table;
+ uint32_t tableKey = (curveType<<16) | (depth<<8) | scaling;
+ if (pVelocityTables->count(tableKey)) { // if key exists
diff --git a/debian/patches/series b/debian/patches/series
index 4078684..f61745c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,5 @@
04-spelling.patch
05-fix-libdir.patch
CVE-2017-12952.diff
+CVE-2017-12951.patch
+CVE-2017-12954.patch
--
libgig packaging
More information about the pkg-multimedia-commits
mailing list