packages/flac
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!31 [sync] PR-29: fix CVE-2020-0499

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
This commit is contained in:
openeuler-ci-bot 2022-05-28 12:12:14 +00:00 committed by Gitee
commit 485ff9bf2d
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2020-0499.patch Normal file
View File

@ -0,0 +1,25 @@
From 2e7931c27eb15e387da440a37f12437e35b22dd4 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Mon, 7 Oct 2019 12:55:58 +1100
Subject: [PATCH] libFLAC/bitreader.c: Fix out-of-bounds read
Credit: Oss-Fuzz
Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
Testcase: fuzzer_decoder-5670265022840832
---
src/libFLAC/bitreader.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
index 5e4b59180e..3df4d02c0b 100644
--- a/src/libFLAC/bitreader.c
+++ b/src/libFLAC/bitreader.c
@@ -869,7 +869,7 @@ FLAC__bool FLAC__bitreader_read_rice_signed_block(FLAC__BitReader *br, int vals[
cwords = br->consumed_words;
words = br->words;
ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
- b = br->buffer[cwords] << br->consumed_bits;
+ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
} while(cwords >= words && val < end);
}

6
flac.spec
View File

@ -2,13 +2,14 @@
Name: flac Name: flac
Version: 1.3.3 Version: 1.3.3
Release: 5 Release: 6
Summary: encoder/decoder which support the Free Lossless Audio Codec Summary: encoder/decoder which support the Free Lossless Audio Codec
License: BSD and GPLv2+ and GFDL License: BSD and GPLv2+ and GFDL
Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
URL: http://www.xiph.org/flac/ URL: http://www.xiph.org/flac/
Patch0000: CVE-2021-0561.patch Patch0000: CVE-2021-0561.patch
Patch0001: CVE-2020-0499.patch
Provides: %{name}-libs Provides: %{name}-libs
Obsoletes: %{name}-libs Obsoletes: %{name}-libs
@ -100,6 +101,9 @@ update-desktop-database &> /dev/null || :
%doc flac-doc-devel/* %doc flac-doc-devel/*
%changelog %changelog
* Sat May 28 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.3.3-6
- fix CVE-2020-0499
* Wed Apr 27 2022 volcanodragon <linfeilong@huawei.com> - 1.3.3-5 * Wed Apr 27 2022 volcanodragon <linfeilong@huawei.com> - 1.3.3-5
- rebuild package - rebuild package