From 660458140be35b6d66728ec50b9e7f92a2087ea3e8f08b2866054f03167546d2 Mon Sep 17 00:00:00 2001
From: Takashi Iwai <tiwai@suse.com>
Date: Tue, 13 Jun 2017 06:50:10 +0000
Subject: [PATCH] Accepting request 503301 from
 home:tiwai:branches:multimedia:libs

- Fix out-of-bounds read memory access in the aiff_read_chanmap()
  (CVE-2017-6892, bsc#1043978):
  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

OBS-URL: https://build.opensuse.org/request/show/503301
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=60
---
 ...rc-aiff.c-Fix-a-buffer-read-overflow.patch | 23 +++++++++++++++++++
 libsndfile.changes                            |  7 ++++++
 libsndfile.spec                               |  2 ++
 3 files changed, 32 insertions(+)
 create mode 100644 0010-src-aiff.c-Fix-a-buffer-read-overflow.patch

diff --git a/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch b/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
new file mode 100644
index 0000000..2c6d83d
--- /dev/null
+++ b/0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
@@ -0,0 +1,23 @@
+From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
+From: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Tue, 23 May 2017 20:15:24 +1000
+Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
+
+Secunia Advisory SA76717.
+
+Found by: Laurent Delosieres, Secunia Research at Flexera Software
+---
+ src/aiff.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/aiff.c
++++ b/src/aiff.c
+@@ -1905,7 +1905,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, uns
+ 		psf_binheader_readf (psf, "j", dword - bytesread) ;
+ 
+ 	if (map_info->channel_map != NULL)
+-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
++	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
+ 
+ 		free (psf->channel_map) ;
+ 
diff --git a/libsndfile.changes b/libsndfile.changes
index f1158e5..770c7a9 100644
--- a/libsndfile.changes
+++ b/libsndfile.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Tue Jun 13 08:36:52 CEST 2017 - tiwai@suse.de
+
+- Fix out-of-bounds read memory access in the aiff_read_chanmap()
+  (CVE-2017-6892, bsc#1043978):
+  0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
+
 -------------------------------------------------------------------
 Tue May  2 14:06:40 CEST 2017 - tiwai@suse.de
 
diff --git a/libsndfile.spec b/libsndfile.spec
index a8a3298..cb29f88 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -31,6 +31,7 @@ Source3:        baselibs.conf
 # PATCH-FIX-UPSTREAM
 Patch1:         0001-FLAC-Fix-a-buffer-read-overrun.patch
 Patch2:         0002-src-flac.c-Fix-a-buffer-read-overflow.patch
+Patch10:        0010-src-aiff.c-Fix-a-buffer-read-overflow.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
@@ -80,6 +81,7 @@ libsndfile library.
 %setup -q
 %patch1 -p1
 %patch2 -p1
+%patch10 -p1
 %patch100 -p1
 
 %build