packages/libsndfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!20 [sync] PR-17: fix CVE-2021-4156

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @liqingqing_1229 
Signed-off-by: @liqingqing_1229
This commit is contained in:
openeuler-ci-bot 2022-05-16 09:16:28 +00:00 committed by Gitee
commit a4b25e793e
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
backport-CVE-2021-4156.patch Normal file
View File

@ -0,0 +1,25 @@
From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
From: yuan <ssspeed00@gmail.com>
Date: Tue, 20 Apr 2021 16:16:32 +0800
Subject: [PATCH] flac: Fix improper buffer reusing (#732)
---
src/flac.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/flac.c b/src/flac.c
index 64d0172e6..e33204505 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -948,7 +948,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
/* Decode some more. */
while (pflac->pos < pflac->len)
{ if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
+ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
+ /* Current frame is busted, so NULL the pointer. */
+ pflac->frame = NULL ;
break ;
+ } ;
state = FLAC__stream_decoder_get_state (pflac->fsd) ;
if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
{ psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;

6
libsndfile.spec
View File

@ -1,6 +1,6 @@
Name: libsndfile
Version: 1.0.28
Release: 19
Release: 20
Summary: Library for reading and writing sound files
License: LGPLv2+ and GPLv2+ and BSD
URL: http://www.mega-nerd.com/libsndfile/
@ -22,6 +22,7 @@ Patch6004: libsndfile-1.0.28-CVE-2017-17456-CVE-2017-17457-CVE-2018-19661-CVE-20
Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch
Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch
Patch6007: backport-CVE-2021-3246.patch
Patch6008: backport-CVE-2021-4156.patch
%description
Libsndfile is a C library for reading and writing files containing
@ -128,6 +129,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1*
%changelog
* Mon May 16 2022 zhouwenpei <zhouwenpei1@h-partners.com> - 1.0.28-20
- fix CVE-2021-4156
* Thu Sep 23 2021 zhouwenpei <zhouwenpei1@huawei.com> - 1.0.28-19
- fix CVE-2021-3246