Update mpg123 to 1.25.1 - fix CVE-2017-10683
Closed, Public

Authored by kyrios123 on Jul 3 2017, 2:15 PM.

Details

Summary
  • Avoid memset(NULL, 0, 0) to calm down the paranoid.
  • Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten offset from the frame flag bytes (unnoticed in practice for a long time). Fuzzers are in the house again. This one got CVE-2017-10683.
  • Avoid a mostly harmless conditional jump depending on uninitialised fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
  • Fix undefined shifts on signed long mask in layer3.c (worked in practice, never right in theory). Code might be a bit faster now, even. Thanks to Agostino Sarubbo for reporting.

Signed-off-by: Pierre-Yves <pyu@riseup.net>

Test Plan
  • successfully build cantata against this library

Diff Detail

Repository
R2106 mpg123
Branch
master
Lint
No Lint Coverage
Unit
No Test Coverage