libvorbis: add patch for CVE-2017-14632 and CVE-2017-14633
diff --git a/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch b/libs/libvorbis/patches/100-CVE-2017-14632-CVE-2017-14633.patch
new file mode 100644 (file)
index 0000000..84601ff
--- /dev/null
@@ -0,0 +1,12 @@
+--- a/lib/info.c
++++ b/lib/info.c
+@@ -583,7 +583,8 @@ int vorbis_analysis_headerout(vorbis_dsp
+   oggpack_buffer opb;
+   private_state *b=v->backend_state;
+-  if(!b||vi->channels<=0){
++  if(!b||vi->channels<=0||vi->channels>255){
++    b = NULL;
+     ret=OV_EFAULT;
+     goto err_out;
+   }
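Review bot: The added `b = NULL;` in the guard of vorbis_analysis_headerout reads like a dead store, and the `255` bound is a bare magic number; neither line says which of the two CVEs it addresses. Presumably the assignment is there so that the cleanup under `err_out` does not touch `opb` or the header buffers before they are initialised, but that label is outside the hunk, so this should be confirmed against the full function. I would add `/* opb not initialised yet: clear b so err_out skips its cleanup */` above the assignment and `/* channel count is an 8-bit field in the Vorbis header */` beside the bound, and give the patch file a short header naming the upstream commits it is taken from. Skipping the cleanup also leaves any buffers `b` already owns to a later teardown on this path, so it is worth checking that this does not leak.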