packages/libsndfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!50 fix CVE-2023-33065

Browse Source 
From: @zhangnaichuan 
Reviewed-by: @yang_yanchao 
Signed-off-by: @yang_yanchao
This commit is contained in:
openeuler-ci-bot 2024-09-14 06:47:32 +00:00 committed by Gitee
commit 14bf03437e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
backport-CVE-2022-33065.patch Normal file
View File

@ -0,0 +1,42 @@
From da1fcb0199f6a5c883fd158a20896a0e9c085e02 Mon Sep 17 00:00:00 2001
From: Alex Stewart <alex.stewart@ni.com>
Date: Wed, 22 Nov 2023 17:15:12 +0800
Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
The clang sanitizer warns of a possible signed integer overflow when
calculating the `dataend` value in `mat4_read_header()`.
```
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
```
Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
`dataend` before performing the calculation, to avoid the issue.
CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/789
Fixes: https://github.com/libsndfile/libsndfile/issues/833
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
---
src/mat4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mat4.c b/src/mat4.c
index 3c73680..e2f98b7 100644
--- a/src/mat4.c
+++ b/src/mat4.c
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
}
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
--
2.27.0

7
libsndfile.spec
View File

@ -1,11 +1,12 @@
Name: libsndfile
Version: 1.2.2
Release: 1
Release: 2
Summary: Library for reading and writing sound files
License: LGPL-2.1-or-later AND GPL-2.0-or-later AND BSD-3-Clause
URL: http://libsndfile.github.io/libsndfile
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/%{name}-%{version}.tar.xz
Patch0: libsndfile-1.0.25-system-gsm.patch
Patch1: backport-CVE-2022-33065.patch
BuildRequires: alsa-lib-devel gcc gcc-c++ flac-devel
BuildRequires: libogg-devel libtool libvorbis-devel pkgconfig
@ -46,6 +47,7 @@ Help files for %{name}-utils.
%setup -q
%patch -P0 -p1 -b .system-gsm
rm -r src/GSM610
%patch -P1 -p1
%build
autoreconf -I M4 -fiv # for system-gsm patch
@ -127,6 +129,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1*
%changelog
* Fri Sep 13 2024 zhangnaichuan <zhangnaichuan@huawei.com> - 1.2.2-2
- fix CVE-2203-33065
* Tue Oct 31 2023 haomimi <haomimi@uniontech.com> - 1.2.2-1
- pdate to 1.2.2