From e0f6e2da18feafadda5f22501df0fe37a6b91b34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=98rjan=20Malde?= <red@foxi.me>
Date: Fri, 26 Mar 2021 15:20:15 +0100
Subject: groups/251.native_packages_lib.group: adds libmp3splt v0.9.2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Lucio Andrés Illanes Albornoz <lucio@lucioillanes.de>
---
 patches/libmp3splt/CVE-2017-15185.patch | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 patches/libmp3splt/CVE-2017-15185.patch

(limited to 'patches/libmp3splt/CVE-2017-15185.patch')

diff --git a/patches/libmp3splt/CVE-2017-15185.patch b/patches/libmp3splt/CVE-2017-15185.patch
new file mode 100644
index 00000000..82090f43
--- /dev/null
+++ b/patches/libmp3splt/CVE-2017-15185.patch
@@ -0,0 +1,41 @@
+diff --git a/plugins/ogg.c b/plugins/ogg.c
+index 50cc495..57745f1 100644
+--- a/plugins/ogg.c
++++ b/plugins/ogg.c
+@@ -212,26 +212,36 @@ static splt_ogg_state *splt_ogg_v_new(int *error)
+     goto error;
+   }
+   memset(oggstate, 0, sizeof(splt_ogg_state));
++
+   if ((oggstate->sync_in = malloc(sizeof(ogg_sync_state)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->sync_in, 0, sizeof(ogg_sync_state));
++
+   if ((oggstate->stream_in = malloc(sizeof(ogg_stream_state)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->stream_in, 0, sizeof(ogg_stream_state));
++
+   if ((oggstate->vd = malloc(sizeof(vorbis_dsp_state)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->vd, 0, sizeof(vorbis_dsp_state));
++
+   if ((oggstate->vi = malloc(sizeof(vorbis_info)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->vi, 0, sizeof(vorbis_info));
++
+   if ((oggstate->vb = malloc(sizeof(vorbis_block)))==NULL)
+   {
+     goto error;
+   }
++  memset(oggstate->vb, 0, sizeof(vorbis_block));
+ 
+   if ((oggstate->headers = malloc(sizeof(splt_v_packet) * TOTAL_HEADER_PACKETS))==NULL)
+   {
-- 
cgit v1.2.3