fix CVE-2021-4156

(cherry picked from commit bc6d47cdf16a986500e7409480551b818b9e353c)

0002-CVE-2021-4156.patch

@@ -0,0 +1,25 @@
+From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
+From: yuan <ssspeed00@gmail.com>
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e6..e33204505 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+ 	/* Decode some more. */
+ 	while (pflac->pos < pflac->len)
+ 	{	if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
++		{	psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
++			/* Current frame is busted, so NULL the pointer. */
++			pflac->frame = NULL ;
+ 			break ;
++			} ;
+ 		state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+ 		if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+ 		{	psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;

libsndfile.spec

@@ -1,6 +1,6 @@
 Name: libsndfile
 Version: 1.0.31
-Release: 1
+Release: 2
 Summary: Library for reading and writing sound files
 License: LGPLv2+ and GPLv2+ and BSD
 URL: http://libsndfile.github.io/libsndfile
@@ -10,7 +10,8 @@ BuildRequires: alsa-lib-devel gcc gcc-c++ flac-devel
 BuildRequires: libogg-devel libtool libvorbis-devel pkgconfig
 BuildRequires: sqlite-devel
 
-Patch1:        0001-CVE-2021-3246.patch
+Patch1:		0001-CVE-2021-3246.patch
+Patch2:		0002-CVE-2021-4156.patch
 
 %description
 Libsndfile is a C library for reading and writing files containing
@@ -115,6 +116,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
 %{_mandir}/man1/sndfile-salvage.1*
 
 %changelog
+* Mon May 16 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.0.31-2
+- fix CVE-2021-4156
+
 * Wed Dec 1 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.0.31-1
 - update to 1.0.31