packages/libsndfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!13 update verion to 1.0.31

Browse Source 
From: @zhouwenpei
Reviewed-by: @liqingqing_1229
Signed-off-by: @liqingqing_1229
This commit is contained in:
openeuler-ci-bot 2021-12-02 06:19:39 +00:00 committed by Gitee
commit f88c7d0044
15 changed files with 8 additions and 571 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
backport-CVE-2021-3246.patch → 0001-CVE-2021-3246.patch
View File

25
libsndfile-1.0.25-zerodivfix.patch
View File

@ -1,25 +0,0 @@
From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 24 Dec 2014 21:02:35 +1100
Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
Closes: https://github.com/erikd/libsndfile/issues/92
---
src/file_io.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/file_io.c b/src/file_io.c
index 26d3d6d..6ccab78 100644
--- a/src/file_io.c
+++ b/src/file_io.c
@@ -1322,6 +1322,9 @@ psf_fwrite (const void *ptr, sf_count_t bytes, sf_count_t items, SF_PRIVATE *psf
{ sf_count_t total = 0 ;
ssize_t count ;
+ if (bytes == 0 || items == 0)
+ return 0 ;
+
if (psf->virtual_io)
return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;

39
libsndfile-1.0.28-CVE-2017-14634.patch
View File

@ -1,39 +0,0 @@
From 85c877d5072866aadbe8ed0c3e0590fbb5e16788 Mon Sep 17 00:00:00 2001
From: Fabian Greffrath <fabian@greffrath.com>
Date: Thu, 28 Sep 2017 12:15:04 +0200
Subject: [PATCH 1/1] double64_init: Check psf->sf.channels against upper bound
This prevents division by zero later in the code.
While the trivial case to catch this (i.e. sf.channels < 1) has already
been covered, a crafted file may report a number of channels that is
so high (i.e. > INT_MAX/sizeof(double)) that it "somehow" gets
miscalculated to zero (if this makes sense) in the determination of the
blockwidth. Since we only support a limited number of channels anyway,
make sure to check here as well.
CVE-2017-14634
Closes: https://github.com/erikd/libsndfile/issues/318
Signed-off-by: Erik de Castro Lopo <erikd@mega-nerd.com>
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/double64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/double64.c b/src/double64.c
index b318ea8..78dfef7 100644
--- a/src/double64.c
+++ b/src/double64.c
@@ -91,7 +91,7 @@ int
double64_init (SF_PRIVATE *psf)
{ static int double64_caps ;
- if (psf->sf.channels < 1)
+ if (psf->sf.channels < 1 || psf->sf.channels > SF_MAX_CHANNELS)
{ psf_log_printf (psf, "double64_init : internal error : channels = %d\n", psf->sf.channels) ;
return SFE_INTERNAL ;
} ;
--
1.8.3.1

94
libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
View File

@ -1,94 +0,0 @@
From 585cc28a93be27d6938f276af0011401b9f7c0ca Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@owl.eu.com>
Date: Mon, 24 Dec 2018 06:43:48 +0100
Subject: [PATCH] a/ulaw: fix multiple buffer overflows (#432)
i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN
properly, leading to buffer underflow. INT_MIN is a special value
since - INT_MIN cannot be represented as int.
In this case round - INT_MIN to INT_MAX and proceed as usual.
f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN
properly, leading to null pointer dereference.
In this case, arbitrarily set the buffer value to 0.
This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
fixes #344 (CVE-2017-17456 and CVE-2017-17457).
---
src/alaw.c | 9 +++++++--
src/ulaw.c | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/alaw.c b/src/alaw.c
index 063fd1a..4220224 100644
--- a/src/alaw.c
+++ b/src/alaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -326,7 +327,9 @@ s2alaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2alaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = alaw_encode [INT_MAX >> (16 + 4)] ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [ptr [count] >> (16 + 4)] ;
else
buffer [count] = 0x7F & alaw_encode [- ptr [count] >> (16 + 4)] ;
@@ -346,7 +349,9 @@ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
diff --git a/src/ulaw.c b/src/ulaw.c
index e50b4cb..b6070ad 100644
--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -827,7 +828,9 @@ s2ulaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2ulaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = ulaw_encode [INT_MAX >> (16 + 2)] ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [ptr [count] >> (16 + 2)] ;
else
buffer [count] = 0x7F & ulaw_encode [-ptr [count] >> (16 + 2)] ;
@@ -847,7 +850,9 @@ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
--
2.19.1

54
libsndfile-1.0.28-CVE-2017-8362.patch
View File

@ -1,54 +0,0 @@
From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH 1/1] src/flac.c: Fix a buffer read overflow
A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.
Closes: https://github.com/erikd/libsndfile/issues/231
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/flac.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/flac.c b/src/flac.c
index 5a4f8c2..e4f9aaa 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
const int32_t* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset, channels, len ;
+ if (psf->sf.channels != (int) frame->header.channels)
+ { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+ "Nothing to do but to error out.\n" ,
+ psf->sf.channels, frame->header.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return 0 ;
+ } ;
+
/*
** frame->header.blocksize is variable and we're using a constant blocksize
** of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
return 0 ;
} ;
-
len = SF_MIN (pflac->len, frame->header.blocksize) ;
if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
{ case FLAC__METADATA_TYPE_STREAMINFO :
if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
{ psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- "Nothing to be but to error out.\n" ,
+ "Nothing to do but to error out.\n" ,
psf->sf.channels, metadata->data.stream_info.channels) ;
psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
return ;
--
1.8.3.1

17
libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch
View File

@ -1,17 +0,0 @@
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index e27593e..721bee7 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,12 @@ main (int argc, char **argv)
exit (1) ;
} ;
+ if (sfinfo.channels > MAX_CHANNELS)
+ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
+ argv [1], sfinfo.channels, MAX_CHANNELS) ;
+ exit (1) ;
+ } ;
+
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;

45
libsndfile-1.0.28-CVE-2018-19758.patch
View File

@ -1,45 +0,0 @@
From 42132c543358cee9f7c3e9e9b15bb6c1063a608e Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 1 Jan 2019 20:11:46 +1100
Subject: [PATCH 1/1] src/wav.c: Fix heap read overflow
This is CVE-2018-19758.
Closes: https://github.com/erikd/libsndfile/issues/435
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/wav.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/wav.c b/src/wav.c
index 9d71aad..5c825f2 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -1,5 +1,5 @@
/*
-** Copyright (C) 1999-2016 Erik de Castro Lopo <erikd@mega-nerd.com>
+** Copyright (C) 1999-2019 Erik de Castro Lopo <erikd@mega-nerd.com>
** Copyright (C) 2004-2005 David Viens <davidv@plogue.com>
**
** This program is free software; you can redistribute it and/or modify
@@ -1146,6 +1146,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+ /* Loop count is signed 16 bit number so we limit it range to something sensible. */
+ psf->instrument->loop_count &= 0x7fff ;
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;
@@ -1412,7 +1414,7 @@ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
} ;
psf->instrument->basenote = note ;
- psf->instrument->detune = (int8_t)(pitch / (0x40000000 / 25.0) + 0.5) ;
+ psf->instrument->detune = (int8_t) (pitch / (0x40000000 / 25.0) + 0.5) ;
psf->instrument->gain = 1 ;
psf->instrument->velocity_lo = psf->instrument->key_lo = 0 ;
psf->instrument->velocity_hi = psf->instrument->key_hi = 127 ;
--
1.8.3.1

35
libsndfile-1.0.28-CVE-2019-3832.patch
View File

@ -1,35 +0,0 @@
From 6d7ce94c020cc720a6b28719d1a7879181790008 Mon Sep 17 00:00:00 2001
From: Emilio Pozuelo Monfort <pochu27@gmail.com>
Date: Tue, 5 Mar 2019 11:27:17 +0100
Subject: [PATCH 1/1] wav_write_header: don't read past the array end
If loop_count is bigger than the array, truncate it to the array
length (and not to 32k).
CVE-2019-3832
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/wav.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/wav.c b/src/wav.c
index 5c825f2..104bd0a 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -1146,8 +1146,10 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
- /* Loop count is signed 16 bit number so we limit it range to something sensible. */
- psf->instrument->loop_count &= 0x7fff ;
+ /* Make sure we don't read past the loops array end. */
+ if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
+ psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
+
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;
--
1.8.3.1

88
libsndfile-1.0.28-cve2017_12562.patch
View File

@ -1,88 +0,0 @@
From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
Date: Wed, 14 Jun 2017 12:25:40 +0200
Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
in binheader
Fixes the following problems:
1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
big switch statement by an amount (16 bytes) which is enough for all cases
where only a single value gets added. Cases 's', 'S', 'p' however
additionally write an arbitrary length block of data and again enlarge the
buffer to the required amount. However, the required space calculation does
not take into account the size of the length field which gets output before
the data.
3. Buffer size requirement calculation in case 'S' does not account for the
padding byte ("size += (size & 1) ;" happens after the calculation which
uses "size").
4. Case 'S' can overrun the header buffer by 1 byte when no padding is
involved
("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
the buffer is only guaranteed to have "size" space available).
5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
beyond the space which is guaranteed to be allocated in the header buffer.
6. Case 's' can overrun the provided source string by 1 byte if padding is
involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
plus optionally another 1 which is padding and not guaranteed to be
readable via the source string pointer).
Closes: https://github.com/erikd/libsndfile/issues/292
---
src/common.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/common.c b/src/common.c
index 1a6204ca..6b2a2ee9 100644
--- a/src/common.c
+++ b/src/common.c
@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
/* Write a C string (guaranteed to have a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size + (size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size + (size & 1)) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ size += (size & 1) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1] = 0 ;
count += 4 + size ;
@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
*/
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
header_put_le_int (psf, size) ;
- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
size += (size & 1) ;
psf->header.indx += size ;
- psf->header.ptr [psf->header.indx] = 0 ;
count += 4 + size ;
break ;
@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
size = (size & 1) ? size : size + 1 ;
size = (size > 254) ? 254 : size ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
return count ;
header_put_byte (psf, size) ;

64
libsndfile-1.0.28-flacbufovfl.patch
View File

@ -1,64 +0,0 @@
From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 12 Apr 2017 19:45:30 +1000
Subject: [PATCH] FLAC: Fix a buffer read overrun
Buffer read overrun occurs when reading a FLAC file that switches
from 2 channels to one channel mid-stream. Only option is to
abort the read.
Closes: https://github.com/erikd/libsndfile/issues/230
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
diff --git a/src/common.h b/src/common.h
index 0bd810c3..e2669b6a 100644
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
diff --git a/src/flac.c b/src/flac.c
index 84de0e26..986a7b8f 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+ "Nothing to be but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+ "Carrying on as if nothing happened.",
+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
psf->sf.frames = metadata->data.stream_info.total_samples ;
diff --git a/src/sndfile.c b/src/sndfile.c
index 41875610..e2a87be8 100644
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },

67
libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch
View File

@ -1,67 +0,0 @@
From 7ea3f9d8746000cc82c016d0b5d48452bb80e9fe Mon Sep 17 00:00:00 2001
From: Michael Panzlaff <michael.panzlaff@fau.de>
Date: Sat, 28 Apr 2018 23:21:34 +0200
Subject: [PATCH 1/1] src/wav.c: Fix WAV Sampler Chunk tune parsing
Fix parsing of instrument fine tuning instrument field. There is still
a possible rounding error involved which might require further
investigation at some stage.
Update the test as well.
Signed-off-by: chenmaodong <chenmaodong@huawei.com>
---
src/wav.c | 9 +++++----
tests/command_test.c | 1 -
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/wav.c b/src/wav.c
index dc97545..04bf844 100644
--- a/src/wav.c
+++ b/src/wav.c
@@ -1282,7 +1282,7 @@ static int
wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
{ char buffer [512] ;
uint32_t thisread, bytesread = 0, dword, sampler_data, loop_count ;
- uint32_t note, start, end, type = -1, count ;
+ uint32_t note, pitch, start, end, type = -1, count ;
int j, k ;
chunklen += (chunklen & 1) ;
@@ -1299,10 +1299,10 @@ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
bytesread += psf_binheader_readf (psf, "4", &note) ;
psf_log_printf (psf, " Midi Note : %u\n", note) ;
- bytesread += psf_binheader_readf (psf, "4", &dword) ;
- if (dword != 0)
+ bytesread += psf_binheader_readf (psf, "4", &pitch) ;
+ if (pitch != 0)
{ snprintf (buffer, sizeof (buffer), "%f",
- (1.0 * 0x80000000) / ((uint32_t) dword)) ;
+ (1.0 * 0x80000000) / ((uint32_t) pitch)) ;
psf_log_printf (psf, " Pitch Fract. : %s\n", buffer) ;
}
else
@@ -1408,6 +1408,7 @@ wav_read_smpl_chunk (SF_PRIVATE *psf, uint32_t chunklen)
} ;
psf->instrument->basenote = note ;
+ psf->instrument->detune = (int8_t)(pitch / (0x40000000 / 25.0) + 0.5) ;
psf->instrument->gain = 1 ;
psf->instrument->velocity_lo = psf->instrument->key_lo = 0 ;
psf->instrument->velocity_hi = psf->instrument->key_hi = 127 ;
diff --git a/tests/command_test.c b/tests/command_test.c
index f879659..c3e7c86 100644
--- a/tests/command_test.c
+++ b/tests/command_test.c
@@ -768,7 +768,6 @@ instrument_test (const char *filename, int filetype)
** write_inst struct to hold the default value that the WAV
** module should hold.
*/
- write_inst.detune = 0 ;
write_inst.key_lo = write_inst.velocity_lo = 0 ;
write_inst.key_hi = write_inst.velocity_hi = 127 ;
write_inst.gain = 1 ;
--
1.8.3.1

BIN
libsndfile-1.0.28.tar.gz
View File

Binary file not shown.

25
libsndfile-1.0.29-cve2017_6892.patch
View File

@ -1,25 +0,0 @@
From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
Secunia Advisory SA76717.
Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aiff.c b/src/aiff.c
index 5b5f9f53..45864b76 100644
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;

BIN
libsndfile-1.0.31.tar.bz2 Normal file
View File

Binary file not shown.

26
libsndfile.spec
View File

@ -1,27 +1,16 @@
Name: libsndfile
Version: 1.0.28
Release: 19
Version: 1.0.31
Release: 1
Summary: Library for reading and writing sound files
License: LGPLv2+ and GPLv2+ and BSD
URL: http://www.mega-nerd.com/libsndfile/
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
URL: http://libsndfile.github.io/libsndfile
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/%{name}-%{version}.tar.bz2
BuildRequires: alsa-lib-devel gcc gcc-c++ flac-devel
BuildRequires: libogg-devel libtool libvorbis-devel pkgconfig
BuildRequires: sqlite-devel
Patch0: libsndfile-1.0.25-zerodivfix.patch
Patch1: libsndfile-1.0.28-flacbufovfl.patch
Patch2: libsndfile-1.0.29-cve2017_6892.patch
Patch3: libsndfile-1.0.28-cve2017_12562.patch
Patch6000: libsndfile-1.0.28-CVE-2018-13139-CVE-2018-19432.patch
Patch6001: libsndfile-1.0.28-src-wav.c-Fix-WAV-Sampler-Chunk-tune-parsing.patch
Patch6002: libsndfile-1.0.28-CVE-2018-19758.patch
Patch6003: libsndfile-1.0.28-CVE-2019-3832.patch
Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-2018-19662.patch
Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch
Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch
Patch6007: backport-CVE-2021-3246.patch
Patch1: 0001-CVE-2021-3246.patch
%description
Libsndfile is a C library for reading and writing files containing
@ -102,9 +91,7 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_bindir}/sndfile-metadata-get
%{_bindir}/sndfile-metadata-set
%{_bindir}/sndfile-play
%{_bindir}/sndfile-regtest
%{_bindir}/sndfile-salvage
%exclude %{_bindir}/sndfile-jackplay
%files devel
%{_includedir}/sndfile.h
@ -128,6 +115,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1*
%changelog
* Wed Dec 1 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.0.31-1
- update to 1.0.31
* Thu Sep 23 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.0.28-19
- fix CVE-2021-3246