!16 fix CVE-2021-0561

From: @zhouwenpei Reviewed-by: @liqingqing_1229 Signed-off-by: @liqingqing_1229
2022-03-31 08:12:06 +00:00 · 2022-03-31 08:12:06 +00:00 · 5ef9e872d2
commit 5ef9e872d2
parent 2e895befb0 63e0027e3d
2 changed files with 31 additions and 1 deletions
--- a/CVE-2021-0561.patch
+++ b/CVE-2021-0561.patch
@ -0,0 +1,25 @@
 From bbcef0eb5b501083b197acb7ad84b3bc82fdc8f2 Mon Sep 17 00:00:00 2001
 From: Neelkamal Semwal <neelkamal.semwal@ittiam.com>
 Date: Fri, 18 Dec 2020 22:28:36 +0530
 Subject: [PATCH] libFlac: Exit at EOS in verify mode
 When verify mode is enabled, once decoder flags end of stream, encode processing is considered complete
 ---
 src/libFLAC/stream_encoder.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
 index 4c91247fe8..7109802c27 100644
 --- a/src/libFLAC/stream_encoder.c
 +++ b/src/libFLAC/stream_encoder.c
@@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder *encoder, uint32_t samples, FLAC
 			encoder->private_->verify.needs_magic_hack = true;
 		}
 		else {
 -			if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) {
 +			if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)
 +			    || (!is_last_block
 +				    && (FLAC__stream_encoder_get_verify_decoder_state(encoder) == FLAC__STREAM_DECODER_END_OF_STREAM))) {
 				FLAC__bitwriter_release_buffer(encoder->private_->frame);
 				FLAC__bitwriter_clear(encoder->private_->frame);
 				if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA)
--- a/flac.spec
+++ b/flac.spec
@ -2,12 +2,14 @@
 Name: flac
 Version: 1.3.3
-Release: 1
+Release: 2
 Summary: encoder/decoder which support the Free Lossless Audio Codec
 License: BSD and GPLv2+ and GFDL
 Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
 URL: http://www.xiph.org/flac/
 Patch0000:	CVE-2021-0561.patch
 Provides: %{name}-libs
 Obsoletes: %{name}-libs
@ -98,6 +100,9 @@ update-desktop-database &> /dev/null || :
 %doc flac-doc-devel/*
 %changelog
 * Thu Mar 31 2022 zhouwenpei <zhouwenpei1@huawei.com> - 1.3.3-2
 - fix CVE-2021-0561
 * Fri Apr 24 2020 lihongjiang <lihongjiang6@huawei.com> - 1.3.3-1
 - update version to 1.3.3