[libvorbisidec] 01/01: Import Debian changes 1.0.2+svn18153-1+deb9u1

Petter Reinholdtsen pere at moszumanska.debian.org
Fri Apr 6 14:19:23 UTC 2018


This is an automated email from the git hooks/post-receive script.

pere pushed a commit to annotated tag debian/1.0.2+svn18153-1+deb9u1
in repository libvorbisidec.

commit 7a726db4a1d92cb51fd74b109839c2e7cb4ef5c6
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Fri Mar 16 21:00:34 2018 +0100

    Import Debian changes 1.0.2+svn18153-1+deb9u1
    
    libvorbisidec (1.0.2+svn18153-1+deb9u1) stretch-security; urgency=high
    
      * Non-maintainer upload by the Security Team.
      * Prevent out-of-bounds write in codebook decoding (CVE-2018-5147)
        (Closes: #893132)
---
 codebook.c       | 18 +++++++++---------
 debian/changelog |  8 ++++++++
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/codebook.c b/codebook.c
index f8b7983..1e1ae8a 100644
--- a/codebook.c
+++ b/codebook.c
@@ -258,7 +258,7 @@ long vorbis_book_decodevs_add(codebook *book,ogg_int32_t *a,
 	t[i] = book->valuelist+entry[i]*book->dim;
       }
       for(i=0,o=0;i<book->dim;i++,o+=step)
-	for (j=0;j<step;j++)
+	for (j=0;o+j<n && j<step;j++)
 	  a[o+j]+=t[j][i]>>shift;
     }else{
       for (i = 0; i < step; i++) {
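Review bot: The new `o+j<n` clamp in the inner loop carries no comment saying which invariant it protects, and the outer loop keeps stepping through the rest of `book->dim` after `o` has passed `n`. A one-line comment above the loop, e.g. `/* never write past a[n-1]; see CVE-2018-5147 */`, would keep a later cleanup from dropping the check as redundant. Adding `o<n` to the outer condition (`for(i=0,o=0;i<book->dim && o<n;i++,o+=step)`) ends the walk as soon as nothing more can be written. The same applies to the `shift<0` branch in the next hunk and to the `i<n` guards added in vorbis_book_decodev_add. The function starts and ends outside this hunk, so how `step` relates to `n` cannot be confirmed from here.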
@@ -267,7 +267,7 @@ long vorbis_book_decodevs_add(codebook *book,ogg_int32_t *a,
 	t[i] = book->valuelist+entry[i]*book->dim;
       }
       for(i=0,o=0;i<book->dim;i++,o+=step)
-	for (j=0;j<step;j++)
+	for (j=0;o+j<n && j<step;j++)
 	  a[o+j]+=t[j][i]<<-shift;
     }
   }
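Review bot: The context line `a[o+j]+=t[j][i]<<-shift;` left-shifts what is presumably a signed `ogg_int32_t`, which is undefined behaviour in C when the value is negative or when `-shift` reaches the type's width, and this commit leaves it unguarded. The vorbis_book_decodevv_add hunk shows `shift` computed as `point-book->binarypoint`; if the same holds here and `binarypoint` is read from the stream, the shift count is input-controlled, so confirm it is range-checked where the codebook is parsed. Doing the shift on the unsigned representation, e.g. `a[o+j]+=(ogg_int32_t)((ogg_uint32_t)t[j][i]<<-shift);`, removes the negative-operand case. The same expression appears in the `else` branches of vorbis_book_decodev_add and vorbis_book_decodevv_add. The enclosing function extends beyond this hunk.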
@@ -287,7 +287,7 @@ long vorbis_book_decodev_add(codebook *book,ogg_int32_t *a,
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	t     = book->valuelist+entry*book->dim;
-	for (j=0;j<book->dim;)
+	for (j=0;i<n && j<book->dim;)
 	  a[i++]+=t[j++]>>shift;
       }
     }else{
@@ -295,7 +295,7 @@ long vorbis_book_decodev_add(codebook *book,ogg_int32_t *a,
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	t     = book->valuelist+entry*book->dim;
-	for (j=0;j<book->dim;)
+	for (j=0;i<n && j<book->dim;)
 	  a[i++]+=t[j++]<<-shift;
       }
     }
@@ -352,15 +352,15 @@ long vorbis_book_decodevv_add(codebook *book,ogg_int32_t **a,\
     long i,j,entry;
     int chptr=0;
     int shift=point-book->binarypoint;
-    
+    int m=offset+n;
     if(shift>=0){
       
-      for(i=offset;i<offset+n;){
+      for(i=offset;i<m;){
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	{
 	  const ogg_int32_t *t = book->valuelist+entry*book->dim;
-	  for (j=0;j<book->dim;j++){
+	  for (j=0;i<m && j<book->dim;j++){
 	    a[chptr++][i]+=t[j]>>shift;
 	    if(chptr==ch){
 	      chptr=0;
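Review bot: `int m=offset+n;` stores the loop limit in an `int`, while the index `i` it is compared against is declared `long` at the top of the same block. The parameter list is cut off in the hunk header, but if `offset` is a `long` the sum is narrowed on LP64 targets, where the previous `i<offset+n` comparison was evaluated at full width. Declaring it as `long m=offset+n;` keeps the old arithmetic. Checking before the loops that `n` is non-negative and that the sum cannot overflow would make the bound trustworthy. The `else` branch in the following hunk uses the same `m`.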
@@ -371,12 +371,12 @@ long vorbis_book_decodevv_add(codebook *book,ogg_int32_t **a,\
       }
     }else{
       
-      for(i=offset;i<offset+n;){
+      for(i=offset;i<m;){
 	entry = decode_packed_entry_number(book,b);
 	if(entry==-1)return(-1);
 	{
 	  const ogg_int32_t *t = book->valuelist+entry*book->dim;
-	  for (j=0;j<book->dim;j++){
+	  for (j=0;i<m && j<book->dim;j++){
 	    a[chptr++][i]+=t[j]<<-shift;
 	    if(chptr==ch){
 	      chptr=0;
diff --git a/debian/changelog b/debian/changelog
index ae7ee70..ebae443 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libvorbisidec (1.0.2+svn18153-1+deb9u1) stretch-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Prevent out-of-bounds write in codebook decoding (CVE-2018-5147)
+    (Closes: #893132)
+
+ -- Salvatore Bonaccorso <carnil at debian.org>  Fri, 16 Mar 2018 21:00:34 +0100
+
 libvorbisidec (1.0.2+svn18153-1) unstable; urgency=medium
 
   * QA upload.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-xiph/libvorbisidec.git


