!16 fix CVE-2021-0561

From: @zhouwenpei Reviewed-by: @liqingqing_1229 Signed-off-by: @liqingqing_1229
2022-03-31 08:12:06 +00:00 · 2022-03-31 08:12:06 +00:00 · 5ef9e872d2
commit 5ef9e872d2
parent 2e895befb0 63e0027e3d
2 changed files with 31 additions and 1 deletions
--- a/CVE-2021-0561.patch
+++ b/CVE-2021-0561.patch
@ -0,0 +1,25 @@
+From bbcef0eb5b501083b197acb7ad84b3bc82fdc8f2 Mon Sep 17 00:00:00 2001
+From: Neelkamal Semwal <neelkamal.semwal@ittiam.com>
+Date: Fri, 18 Dec 2020 22:28:36 +0530
+Subject: [PATCH] libFlac: Exit at EOS in verify mode
+
+When verify mode is enabled, once decoder flags end of stream, encode processing is considered complete
+---
+ src/libFLAC/stream_encoder.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
+index 4c91247fe8..7109802c27 100644
+--- a/src/libFLAC/stream_encoder.c
+++ b/src/libFLAC/stream_encoder.c
+@@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder *encoder, uint32_t samples, FLAC
+ 			encoder->private_->verify.needs_magic_hack = true;
+ 		}
+ 		else {
+-			if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) {
+			if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)
+			    || (!is_last_block
+				    && (FLAC__stream_encoder_get_verify_decoder_state(encoder) == FLAC__STREAM_DECODER_END_OF_STREAM))) {
+ 				FLAC__bitwriter_release_buffer(encoder->private_->frame);
+ 				FLAC__bitwriter_clear(encoder->private_->frame);
+ 				if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA)
--- a/flac.spec
+++ b/flac.spec
@ -2,12 +2,14 @@

 Name: flac
 Version: 1.3.3
-Release: 1
+Release: 2
 Summary: encoder/decoder which support the Free Lossless Audio Codec
 License: BSD and GPLv2+ and GFDL
 Source0: http://downloads.xiph.org/releases/flac/flac-%{version}.tar.xz
 URL: http://www.xiph.org/flac/

+Patch0000:	CVE-2021-0561.patch
+
 Provides: %{name}-libs
 Obsoletes: %{name}-libs

@ -98,6 +100,9 @@ update-desktop-database &> /dev/null || :
 %doc flac-doc-devel/*

 %changelog
+* Thu Mar 31 2022 zhouwenpei <zhouwenpei1@huawei.com> - 1.3.3-2
+- fix CVE-2021-0561
+
 * Fri Apr 24 2020 lihongjiang <lihongjiang6@huawei.com> - 1.3.3-1
 - update version to 1.3.3