packages/libsndfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* Thu Dec 21 2023 xuyuchao <xu.yuchao@xfusion.com> - 1.0.28-21

Browse Source 
- Type:CVE
- CVE:CVE-2023-33065
- DESC:fix CVE-2023-33065

(cherry picked from commit 6a3adc37c11305eb29cebd7780e12578ed813a89)
This commit is contained in:
xuyuchao 2023-12-21 20:37:57 +08:00 committed by openeuler-sync-bot
parent a4b25e793e
commit 58b3297b9b
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
backport-CVE-2022-33065.patch Normal file
View File

@ -0,0 +1,42 @@
From da1fcb0199f6a5c883fd158a20896a0e9c085e02 Mon Sep 17 00:00:00 2001
From: Alex Stewart <alex.stewart@ni.com>
Date: Wed, 22 Nov 2023 17:15:12 +0800
Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
The clang sanitizer warns of a possible signed integer overflow when
calculating the `dataend` value in `mat4_read_header()`.
```
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
```
Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
`dataend` before performing the calculation, to avoid the issue.
CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/789
Fixes: https://github.com/libsndfile/libsndfile/issues/833
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
---
src/mat4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mat4.c b/src/mat4.c
index 3c73680..e2f98b7 100644
--- a/src/mat4.c
+++ b/src/mat4.c
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
}
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
--
2.27.0

8
libsndfile.spec
View File

@ -1,6 +1,6 @@
Name: libsndfile
Version: 1.0.28
Release: 20
Release: 21
Summary: Library for reading and writing sound files
License: LGPLv2+ and GPLv2+ and BSD
URL: http://www.mega-nerd.com/libsndfile/
@ -23,6 +23,7 @@ Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch
Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch
Patch6007: backport-CVE-2021-3246.patch
Patch6008: backport-CVE-2021-4156.patch
Patch6009: backport-CVE-2022-33065.patch
%description
Libsndfile is a C library for reading and writing files containing
@ -129,6 +130,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1*
%changelog
* Thu Dec 21 2023 xuyuchao <xu.yuchao@xfusion.com> - 1.0.28-21
- Type:CVE
- CVE:CVE-2023-33065
- DESC:fix CVE-2023-33065
* Mon May 16 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.0.28-20
- fix CVE-2021-4156