Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
libvpx
CVE-2019-9232.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2019-9232.patch of Package libvpx
commit 46e17f0cb4a80b36755c84b8bf15731d3386c08f Author: Fyodor Kyslov <kyslov@google.com> Date: Fri Jan 4 17:04:09 2019 -0800 Fix OOB memory access on fuzzed data vp8_norm table has 256 elements while index to it can be higher on fuzzed data. Typecasting it to unsigned char will ensure valid range and will trigger proper error later. Also declaring "shift" as unsigned char to avoid UB sanitizer warning BUG=b/122373286,b/122373822,b/122371119 Change-Id: I3cef1d07f107f061b1504976a405fa0865afe9f5 Index: libvpx-1.3.0/vp8/decoder/dboolhuff.h =================================================================== --- libvpx-1.3.0.orig/vp8/decoder/dboolhuff.h +++ libvpx-1.3.0/vp8/decoder/dboolhuff.h @@ -84,7 +84,7 @@ static int vp8dx_decode_bool(BOOL_DECODE } { - register unsigned int shift = vp8_norm[range]; + register unsigned int shift = vp8_norm[(unsigned char)range]; range <<= shift; value <<= shift; count -= shift;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor