Skip to content

oss-fuzz ASAN fixes #713

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Feb 21, 2021
Merged

oss-fuzz ASAN fixes #713

merged 2 commits into from
Feb 21, 2021

Conversation

bobsayshilol
Copy link
Contributor

This PR fixes the security issues spotted by oss-fuzz in https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803. Of the other publicly visible security issues only https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27503 looks frightening, and that looks like it'll go away once the UBSan issues in ALAC are fixed.

@bobsayshilol
wavlike: Fix incorrect size check
243b518 
The SF_CART_INFO_16K struct has an additional 4 byte field to hold
the size of 'tag_text' which the file header doesn't, so don't
include it as part of the check when looking for the max length.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26026
@bobsayshilol
ms_adpcm: Fix and extend size checks
68a4bc0 
'blockalign' is the size of a block, and each block contains 7 samples
per channel as part of the preamble, so check against 'samplesperblock'
rather than 'blockalign'. Also add an additional check that the block
is big enough to hold the samples it claims to hold.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803
@evpobr evpobr self-assigned this Feb 21, 2021
@evpobr evpobr added the Bug Something isn't working label Feb 21, 2021
@evpobr evpobr added this to the v1.1.0 milestone Feb 21, 2021
@evpobr evpobr merged commit deb669e into libsndfile:master Feb 21, 2021
@evpobr
Copy link
Member

evpobr commented Feb 21, 2021

Thanks again @bobsayshilol !

@krisfed krisfed mentioned this pull request Aug 11, 2021
Closed
halstead pushed a commit to openembedded/openembedded-core that referenced this pull request Sep 29, 2021
@mvakuster @sakoman
libsndfile: Security fix for CVE-2021-3246
f999bac 
Source: https://github.com/libsndfile/libsndfile
MR: 112098
Type: Security Fix
Disposition: Backport from libsndfile/libsndfile#713
ChangeID: 10d137de063b7a1e543ee96fbcf948945a452869
Description:

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
seambot pushed a commit to seamapi/poky that referenced this pull request Sep 29, 2021
@mvakuster @rpurdie
libsndfile: Security fix for CVE-2021-3246
874fe76 
Source: https://github.com/libsndfile/libsndfile
MR: 112098
Type: Security Fix
Disposition: Backport from libsndfile/libsndfile#713
ChangeID: 10d137de063b7a1e543ee96fbcf948945a452869
Description:

(From OE-Core rev: f999bac187a935821f8580f3c5b1d08107ba9851)

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@evpobr evpobr

Labels

Bug Something isn't working

Projects

None yet

Milestone

v1.1.0

Development

Successfully merging this pull request may close these issues.

2 participants

@bobsayshilol @evpobr