fix CVE-2017-8362
This commit is contained in:
chenmaodong
parent
4de3a7422e
commit
23001acbe6
54
libsndfile-1.0.28-CVE-2017-8362.patch
Normal file
54
libsndfile-1.0.28-CVE-2017-8362.patch
Normal file
@ -0,0 +1,54 @@
|
||||
From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
|
||||
From: Erik de Castro Lopo <erikd@mega-nerd.com>
|
||||
Date: Fri, 14 Apr 2017 15:19:16 +1000
|
||||
Subject: [PATCH 1/1] src/flac.c: Fix a buffer read overflow
|
||||
|
||||
A file (generated by a fuzzer) which increased the number of channels
|
||||
from one frame to the next could cause a read beyond the end of the
|
||||
buffer provided by libFLAC. Only option is to abort the read.
|
||||
|
||||
Closes: https://github.com/erikd/libsndfile/issues/231
|
||||
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
|
||||
---
|
||||
src/flac.c | 11 +++++++++--
|
||||
1 file changed, 9 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/flac.c b/src/flac.c
|
||||
index 5a4f8c2..e4f9aaa 100644
|
||||
--- a/src/flac.c
|
||||
+++ b/src/flac.c
|
||||
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
|
||||
const int32_t* const *buffer = pflac->wbuffer ;
|
||||
unsigned i = 0, j, offset, channels, len ;
|
||||
|
||||
+ if (psf->sf.channels != (int) frame->header.channels)
|
||||
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
|
||||
+ "Nothing to do but to error out.\n" ,
|
||||
+ psf->sf.channels, frame->header.channels) ;
|
||||
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
|
||||
+ return 0 ;
|
||||
+ } ;
|
||||
+
|
||||
/*
|
||||
** frame->header.blocksize is variable and we're using a constant blocksize
|
||||
** of FLAC__MAX_BLOCK_SIZE.
|
||||
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
|
||||
return 0 ;
|
||||
} ;
|
||||
|
||||
-
|
||||
len = SF_MIN (pflac->len, frame->header.blocksize) ;
|
||||
|
||||
if (pflac->remain % channels != 0)
|
||||
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
|
||||
{ case FLAC__METADATA_TYPE_STREAMINFO :
|
||||
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
|
||||
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
|
||||
- "Nothing to be but to error out.\n" ,
|
||||
+ "Nothing to do but to error out.\n" ,
|
||||
psf->sf.channels, metadata->data.stream_info.channels) ;
|
||||
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
|
||||
return ;
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libsndfile
|
||||
Version: 1.0.28
|
||||
Release: 17
|
||||
Release: 18
|
||||
Summary: Library for reading and writing sound files
|
||||
License: LGPLv2+ and GPLv2+ and BSD
|
||||
URL: http://www.mega-nerd.com/libsndfile/
|
||||
@ -20,6 +20,7 @@ Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch
|
||||
Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch
|
||||
Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
|
||||
Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch
|
||||
Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch
|
||||
|
||||
%description
|
||||
Libsndfile is a C library for reading and writing files containing
|
||||
@ -126,6 +127,12 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
|
||||
%{_mandir}/man1/sndfile-salvage.1*
|
||||
|
||||
%changelog
|
||||
* Mon Feb 03 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-18
|
||||
- Type:cves
|
||||
- ID:CVE-2017-8362
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2017-8362
|
||||
|
||||
* Fri Jan 10 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-17
|
||||
- Type:enhancement
|
||||
- ID:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user