fix CVE-2020-0499

(cherry picked from commit aa1625e07685f5e16e43afe26c4e9cd2b3e26e10)
2022-05-28 11:49:05 +08:00 · 2022-05-28 11:49:05 +08:00 · 3a32dd609e
commit 3a32dd609e
parent 452cda29ed
2 changed files with 30 additions and 1 deletions
--- a/CVE-2020-0499.patch
+++ b/CVE-2020-0499.patch
@ -0,0 +1,25 @@
+From 2e7931c27eb15e387da440a37f12437e35b22dd4 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon, 7 Oct 2019 12:55:58 +1100
+Subject: [PATCH] libFLAC/bitreader.c: Fix out-of-bounds read
+
+Credit: Oss-Fuzz
+Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
+Testcase: fuzzer_decoder-5670265022840832
+---
+ src/libFLAC/bitreader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
+index 5e4b59180e..3df4d02c0b 100644
+--- a/src/libFLAC/bitreader.c
+++ b/src/libFLAC/bitreader.c
+@@ -869,7 +869,7 @@ FLAC__bool FLAC__bitreader_read_rice_signed_block(FLAC__BitReader *br, int vals[
+ 			cwords = br->consumed_words;
+ 			words = br->words;
+ 			ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
+-			b = br->buffer[cwords] << br->consumed_bits;
+			b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
+ 		} while(cwords >= words && val < end);
+ 	}
+ 
--- a/flac.spec
+++ b/flac.spec
@ -2,13 +2,14 @@

 Name: flac
 Version: 1.3.3
-Release: 5
+Release: 6
 Summary: encoder/decoder which support the Free Lossless Audio Codec
 License: BSD and GPLv2+ and GFDL
 Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
 URL: http://www.xiph.org/flac/

 Patch0000:	CVE-2021-0561.patch
+Patch0001:	CVE-2020-0499.patch

 Provides: %{name}-libs
 Obsoletes: %{name}-libs
@ -100,6 +101,9 @@ update-desktop-database &> /dev/null || :
 %doc flac-doc-devel/*

 %changelog
+* Sat May 28 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.3.3-6
+- fix CVE-2020-0499
+
 * Wed Apr 27 2022 volcanodragon <linfeilong@huawei.com> - 1.3.3-5
 - rebuild package