Accepting request 943531 from home:tiwai:branches:multimedia:libs

- Fix heap buffer overflow in flac_buffer_copy (CVE-2021-4156, bsc#1194006): libsndfile-CVE-2021-4156.patch OBS-URL: https://build.opensuse.org/request/show/943531 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=83
2022-01-03 08:17:51 +00:00 · 2022-01-03 08:17:51 +00:00 · 883eb70ce8
commit 883eb70ce8
parent 06d8106a98
4 changed files with 52 additions and 2 deletions
--- a/libsndfile-CVE-2021-4156.patch
+++ b/libsndfile-CVE-2021-4156.patch
@ -0,0 +1,42 @@
+From 4c30646abf7834e406f7e2429c70bc254e18beab Mon Sep 17 00:00:00 2001
+From: yuawn <ssspeed00@gmail.com>
+Date: Wed, 14 Apr 2021 08:38:23 +0000
+Subject: [PATCH] flac: Fix improper buffer reusing
+
+---
+ src/flac.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e6..800d81078 100644
+--- a/src/flac.c
+++ b/src/flac.c
+@@ -62,6 +62,7 @@ typedef struct
+ 	FLAC__StreamMetadata *metadata ;
+ 
+ 	const int32_t * const * wbuffer ;
+	unsigned wbuffer_size ;
+ 	int32_t * rbuffer [FLAC__MAX_CHANNELS] ;
+ 
+ 	int32_t* encbuffer ;
+@@ -188,6 +189,12 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		return 0 ;
+ 		} ;
+ 
+	if (frame->header.blocksize > pflac->wbuffer_size)
+	{	psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > pflac->wbuffer_size (%d)\n", __func__, __LINE__, frame->header.blocksize, pflac->wbuffer_size) ;
+		psf->error = SFE_INTERNAL ;
+		return 0 ;
+		} ;
+
+ 	if (frame->header.channels > FLAC__MAX_CHANNELS)
+ 		psf_log_printf (psf, "Ooops : frame->header.channels (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.channels, FLAC__MAX_CHANNELS) ;
+ 
+@@ -393,6 +400,7 @@ sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC
+ 	pflac->bufferpos = 0 ;
+ 
+ 	pflac->wbuffer = buffer ;
+	pflac->wbuffer_size = pflac->frame->header.blocksize ;
+ 
+ 	flac_buffer_copy (psf) ;
+ 
--- a/libsndfile-progs.spec
+++ b/libsndfile-progs.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile-progs
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/libsndfile.changes
+++ b/libsndfile.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan  3 08:35:12 CET 2022 - tiwai@suse.de
+
+- Fix heap buffer overflow in flac_buffer_copy (CVE-2021-4156,
+  bsc#1194006):
+  libsndfile-CVE-2021-4156.patch
+
 -------------------------------------------------------------------
 Fri Jul 23 12:59:11 CEST 2021 - tiwai@suse.de

--- a/libsndfile.spec
+++ b/libsndfile.spec
@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -30,6 +30,7 @@ Source2:        %{name}.keyring
 Source3:        baselibs.conf
 Patch34:        sndfile-deinterlace-channels-check.patch
 Patch35:        ms_adpcm-Fix-and-extend-size-checks.patch
+Patch40:        libsndfile-CVE-2021-4156.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  cmake