file: add patch with upstream commit 0641e56 to fix CVE-2014-3587

Signed-off-by: Alexander Dahl <post@lespocky.de>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>

2 files changed, 31 insertions, 0 deletions

diff --git a/patches/file-5.19/0001-Prevent-wrap-around-Remi-Collet-at-redhat-cherry-pic.patch b/patches/file-5.19/0001-Prevent-wrap-around-Remi-Collet-at-redhat-cherry-pic.patch
new file mode 100644
index 000000000..bcb141f5a
--- /dev/null
+++ b/patches/file-5.19/0001-Prevent-wrap-around-Remi-Collet-at-redhat-cherry-pic.patch
@@ -0,0 +1,26 @@
+From: Christos Zoulas <christos@zoulas.com>
+Date: Thu, 7 Aug 2014 09:38:35 +0000
+Subject: [PATCH] Prevent wrap around (Remi Collet at redhat) (cherry picked
+ from commit 0641e56be1af003aa02c7c6b0184466540637233)
+
+Conflicts:
+	src/cdf.c
+---
+ src/cdf.c |    4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/cdf.c b/src/cdf.c
+index 106fc7a..bc94cb9 100644
+--- a/src/cdf.c
++++ b/src/cdf.c
+@@ -824,6 +824,10 @@ cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h,
+ 		q = (const uint8_t *)(const void *)
+ 		    ((const char *)(const void *)p + ofs
+ 		    - 2 * sizeof(uint32_t));
++		if (q < p) {
++			DPRINTF(("Wrapped around %p < %p\n", q, p));
++			goto out;
++		}
+ 		if (q > e) {
+ 			DPRINTF(("Ran of the end %p > %p\n", q, e));
+ 			goto out;
diff --git a/patches/file-5.19/series b/patches/file-5.19/series
new file mode 100644
index 000000000..eacd4da44
--- /dev/null
+++ b/patches/file-5.19/series
@@ -0,0 +1,5 @@
+# generated by git-ptx-patches
+#tag:base --start-number 1
+#tag:upstream --start-number 1
+0001-Prevent-wrap-around-Remi-Collet-at-redhat-cherry-pic.patch
+# 5d28e91bad86a7562482bbcb752de1f1  - git-ptx-patches magic