!4 Fix fuzz undefined behavior runtime error of package lame

From: @wang--ge Reviewed-by: @small_leek Signed-off-by: @small_leek
2020-12-07 11:55:42 +08:00 · 2020-12-07 11:55:42 +08:00 · 8bd744c747
commit 8bd744c747
parent 511554fd2e fc2985a73d
2 changed files with 83 additions and 2 deletions
--- a/0001-fix-fuzz-undefined-behavior-error.patch
+++ b/0001-fix-fuzz-undefined-behavior-error.patch
@ -0,0 +1,77 @@
+Date: Sat, 5 Dec 2020 06:33:28 +0000
+Subject: [PATCH] fix fuzz undefined behavior error
+
+---
+ libmp3lame/VbrTag.c    | 2 +-
+ libmp3lame/bitstream.c | 6 +++---
+ libmp3lame/id3tag.c    | 3 ++-
+ libmp3lame/quantize.c  | 2 +-
+ 4 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/libmp3lame/VbrTag.c b/libmp3lame/VbrTag.c
+index 5800a44..880010a 100644
+--- a/libmp3lame/VbrTag.c
+++ b/libmp3lame/VbrTag.c
+@@ -251,7 +251,7 @@ IsVbrTag(const unsigned char *buf)
+     return (isTag0 || isTag1);
+ }
+ 
+-#define SHIFT_IN_BITS_VALUE(x,n,v) ( x = (x << (n)) | ( (v) & ~(-1 << (n)) ) )
+#define SHIFT_IN_BITS_VALUE(x,n,v) ( x = (x << (n)) | ( (v) & ~(0xffffffffu << (n)) ) )
+ 
+ static void
+ setLameTagFrameHeader(lame_internal_flags const *gfc, unsigned char *buffer)
+diff --git a/libmp3lame/bitstream.c b/libmp3lame/bitstream.c
+index aa35915..25ee88a 100644
+--- a/libmp3lame/bitstream.c
+++ b/libmp3lame/bitstream.c
+@@ -178,7 +178,7 @@ putbits2(lame_internal_flags * gfc, int val, int j)
+         assert(j < MAX_LENGTH); /* 32 too large on 32 bit machines */
+         assert(bs->buf_bit_idx < MAX_LENGTH);
+ 
+-        bs->buf[bs->buf_byte_idx] |= ((val >> j) << bs->buf_bit_idx);
+        bs->buf[bs->buf_byte_idx] |= (((unsigned int)val >> j) << bs->buf_bit_idx);
+         bs->totbit += k;
+     }
+ }
+@@ -290,8 +290,8 @@ CRC_update(int value, int crc)
+     int     i;
+     value <<= 8;
+     for (i = 0; i < 8; i++) {
+-        value <<= 1;
+-        crc <<= 1;
+        value = (unsigned int)value * 2;
+        crc = (unsigned int)crc * 2;
+ 
+         if (((crc ^ value) & 0x10000))
+             crc ^= CRC16_POLYNOMIAL;
+diff --git a/libmp3lame/id3tag.c b/libmp3lame/id3tag.c
+index ac48510..f2888c3 100644
+--- a/libmp3lame/id3tag.c
+++ b/libmp3lame/id3tag.c
+@@ -157,7 +157,8 @@ typedef enum MiscIDs { ID_TXXX = FRAME_ID('T', 'X', 'X', 'X')
+ static int
+ frame_id_matches(int id, int mask)
+ {
+-    int     result = 0, i, window = 0xff;
+    int     result = 0, i;
+    unsigned int window = 0xff;
+     for (i = 0; i < 4; ++i, window <<= 8) {
+         int const mw = (mask & window);
+         int const iw = (id & window);
+diff --git a/libmp3lame/quantize.c b/libmp3lame/quantize.c
+index 9ba9c16..1417763 100644
+--- a/libmp3lame/quantize.c
+++ b/libmp3lame/quantize.c
+@@ -895,7 +895,7 @@ inc_subblock_gain(const lame_internal_flags * const gfc, gr_info * const cod_inf
+ 
+             scalefac[sfb] = 0;
+             {
+-                int const gain = 210 + (s << (cod_info->scalefac_scale + 1));
+                int const gain = 210 + (int)((unsigned int)s << (cod_info->scalefac_scale + 1));
+                 amp = IPOW20(gain);
+             }
+             j += width * (window + 1);
+-- 
+2.23.0
+
--- a/lame.spec
+++ b/lame.spec
@ -1,12 +1,13 @@
 Name:           lame
 Version:        3.100
-Release:        7
+Release:        8
 Summary:        Free MP3 audio compressor
-License:        GPLv2+
+License:        GPL-2.0+ and GPL-2.0 and LGPL-2.0
 URL:            http://lame.sourceforge.net/
 Source0:        http://downloads.sourceforge.net/sourceforge/lame/%{name}-%{version}.tar.gz
 Patch0001:      lame-noexecstack.patch
 Patch0002:      libmp3lame-symbols.patch
+Patch0003:      0001-fix-fuzz-undefined-behavior-error.patch

 BuildRequires:  ncurses-devel gtk+-devel

@ -83,5 +84,8 @@ make test
 %{_bindir}/mp3x

 %changelog
+* Sat Dec 05 2020 Ge Wang<wangge20@huawei.com> - 3.100-8
+- fix fuzz undefined bebavior error
+
 * Thu Dec 12 2019 zoushuangshuang<zoushuangshuang@huawei.com> - 3.100-7
 - Package init