packages/libsndfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!3 libsndfile CVE修复合入

Browse Source 
Merge pull request !3 from chenmaodong/master
This commit is contained in:
openeuler-ci-bot 2020-02-03 20:42:12 +08:00 committed by Gitee
commit 501334f8a0
2 changed files with 62 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
libsndfile-1.0.28-CVE-2017-8362.patch Normal file
View File

@ -0,0 +1,54 @@
From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH 1/1] src/flac.c: Fix a buffer read overflow
A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.
Closes: https://github.com/erikd/libsndfile/issues/231
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/flac.c b/src/flac.c
index 5a4f8c2..e4f9aaa 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;
--
1.8.3.1

9
libsndfile.spec
View File

@ -1,6 +1,6 @@
Name: libsndfile Name: libsndfile
Version: 1.0.28 Version: 1.0.28
Release: 17 Release: 18
Summary: Library for reading and writing sound files Summary: Library for reading and writing sound files
License: LGPLv2+ and GPLv2+ and BSD License: LGPLv2+ and GPLv2+ and BSD
URL: http://www.mega-nerd.com/libsndfile/ URL: http://www.mega-nerd.com/libsndfile/
@ -20,6 +20,7 @@ Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch
Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch
Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch
Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch
%description %description
Libsndfile is a C library for reading and writing files containing Libsndfile is a C library for reading and writing files containing
@ -126,6 +127,12 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1* %{_mandir}/man1/sndfile-salvage.1*
%changelog %changelog
* Mon Feb 03 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-18
- Type:cves
- ID:CVE-2017-8362
- SUG:NA
- DESC:fix CVE-2017-8362
* Fri Jan 10 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-17 * Fri Jan 10 2020 chenmaodong<chenmaodong@huawei.com> - 1.0.28-17
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA