Accepting request 653843 from home:tiwai:branches:multimedia:libs
- Fix segfault in wav conversion due to the invalid loop count (CVE-2018-19758, bsc#1117954): libsndfile-wav-loop-count-fix.patch
OBS-URL: https://build.opensuse.org/request/show/653843
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=74
parent 79472c810d
commit 25c5f0aed6
14
debug.patch
Normal file
@ -0,0 +1,14 @@
---
programs/common.c | 1 +
1 file changed, 1 insertion(+)
--- a/programs/common.c
+++ b/programs/common.c
@@ -92,6 +92,7 @@ sfe_copy_data_int (SNDFILE *outfile, SND
while (readcount > 0)
{ readcount = sf_readf_int (infile, data, frames) ;
+ fprintf(stderr, "XXX sf_read_int frames=%d, count=%d, size=%d\n", frames, readcount, BUFFER_LEN);
sf_writef_int (outfile, data, readcount) ;
} ;
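Review bot: The fprintf added inside the while loop of sfe_copy_data_int looks like leftover debugging: it carries an "XXX" marker and writes to stderr on every iteration, including the last one where readcount is no longer positive, so every copy through this path in the example programs gets noisy. The commit message and the changelog entry describe only the loop-count fix, so debug.patch should be dropped from this request or documented with a reason for shipping it. If it stays, confirm that frames, readcount and BUFFER_LEN are all int, since the format string uses %d for each and their types are not visible in this hunk.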
@ -38,6 +38,7 @@ Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
Patch34: sndfile-deinterlace-channels-check.patch
Patch99: debug.patch
# PATCH-FIX-OPENSUSE
Patch100: sndfile-ocloexec.patch
BuildRequires: alsa-devel
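Review bot: Patch99: debug.patch is added here with no tag comment and no changelog entry, unlike Patch40 in the other spec, which carries a "not yet upstreamed" comment with the CVE and bug reference. The visible hunks of this spec also do not add Patch40: libsndfile-wav-loop-count-fix.patch, although Patch32 to Patch34 appear in both specs. If the two patch lists are meant to match, add Patch40 and its %patch40 -p1 line here and drop Patch99.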
@ -64,6 +65,7 @@ This package includes the example programs for libsndfile.
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch99 -p1
%patch100 -p1
%build
27
libsndfile-wav-loop-count-fix.patch
Normal file
@ -0,0 +1,27 @@
From: Takashi Iwai <tiwai@suse.de>
Subject: wav: Fix segfault due to invalid loop_count
References: CVE-2018-19758, bsc#1117954
The psf->instrument->loop_count can be over the actual loops array size,
and it leads to a segfault.
Just add the loop size fix to address it.
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
src/wav.c | 3 +++
1 file changed, 3 insertions(+)
--- a/src/wav.c
+++ b/src/wav.c
@@ -1097,6 +1097,9 @@ wav_write_header (SF_PRIVATE *psf, int c
for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
{ int type ;
+ if (tmp >= ARRAY_LEN (psf->instrument->loops))
+ break;
+
type = psf->instrument->loops [tmp].mode ;
type = (type == SF_LOOP_FORWARD ? 0 : type == SF_LOOP_BACKWARD ? 2 : type == SF_LOOP_ALTERNATING ? 1 : 32) ;
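Review bot: The bound check sits inside the loop body, so it stops the out-of-range read of psf->instrument->loops [tmp] but leaves psf->instrument->loop_count itself unchanged. If wav_write_header uses loop_count anywhere outside the visible lines, for example to write the count or to size the chunk, the header would then disagree with the number of loops actually written; clamping the count once before the loop, or folding the limit into the for condition, avoids that. On style, the surrounding code puts a space before the semicolon (int type ;), so break; should read break ; to match.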
@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Dec 4 13:42:05 CET 2018 - tiwai@suse.de
- Fix segfault in wav conversion due to the invalid loop count
(CVE-2018-19758, bsc#1117954):
libsndfile-wav-loop-count-fix.patch
-------------------------------------------------------------------
Fri Jul 6 14:11:47 CEST 2018 - tiwai@suse.de
@ -40,6 +40,8 @@ Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
Patch34: sndfile-deinterlace-channels-check.patch
# not yet upstreamed, CVE-2018-19758, bsc#1117954
Patch40: libsndfile-wav-loop-count-fix.patch
# PATCH-FIX-OPENSUSE
Patch100: sndfile-ocloexec.patch
BuildRequires: alsa-devel
@ -96,6 +98,7 @@ libsndfile library.
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch40 -p1
%patch100 -p1
%build