Accepting request 503303 from multimedia:libs

1

OBS-URL: https://build.opensuse.org/request/show/503303
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=51

0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

@@ -0,0 +1,23 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+---
+ src/aiff.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
+ 		psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+ 	if (map_info->channel_map != NULL)
+-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+ 		free (psf->channel_map) ;
+ 

libsndfile.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jun 13 08:36:52 CEST 2017 - tiwai@suse.de
+
+- Fix out-of-bounds read memory access in the aiff_read_chanmap()
+  (CVE-2017-6892, bsc#1043978):
+  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+
 -------------------------------------------------------------------
 Tue May  2 14:06:40 CEST 2017 - tiwai@suse.de
 

libsndfile.spec

@@ -31,6 +31,7 @@ Source3:        baselibs.conf
 # PATCH-FIX-UPSTREAM
 Patch1:         0001-FLAC-Fix-a-buffer-read-overrun.patch
 Patch2:         0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+Patch10:        0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
@@ -80,6 +81,7 @@ libsndfile library.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch10 -p1
 %patch100 -p1
 
 %build