diff --git a/libsndfile-CVE-2021-4156.patch b/libsndfile-CVE-2021-4156.patch
new file mode 100644
index 0000000..80b5c0f
--- /dev/null
+++ b/libsndfile-CVE-2021-4156.patch
@@ -0,0 +1,42 @@
+From 4c30646abf7834e406f7e2429c70bc254e18beab Mon Sep 17 00:00:00 2001
+From: yuawn
+Date: Wed, 14 Apr 2021 08:38:23 +0000
+Subject: [PATCH] flac: Fix improper buffer reusing
+
+---
+ src/flac.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/flac.c b/src/flac.c
+index 64d0172e6..800d81078 100644
+--- a/src/flac.c
++++ b/src/flac.c
+@@ -62,6 +62,7 @@ typedef struct
+ FLAC__StreamMetadata *metadata ;
+
+ const int32_t * const * wbuffer ;
++ unsigned wbuffer_size ;
+ int32_t * rbuffer [FLAC__MAX_CHANNELS] ;
+
+ int32_t* encbuffer ;
+@@ -188,6 +189,12 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ return 0 ;
+ } ;
+
++ if (frame->header.blocksize > pflac->wbuffer_size)
++ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > pflac->wbuffer_size (%d)\n", __func__, __LINE__, frame->header.blocksize, pflac->wbuffer_size) ;
++ psf->error = SFE_INTERNAL ;
++ return 0 ;
++ } ;
++
+ if (frame->header.channels > FLAC__MAX_CHANNELS)
+ psf_log_printf (psf, "Ooops : frame->header.channels (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.channels, FLAC__MAX_CHANNELS) ;
+
+@@ -393,6 +400,7 @@ sf_flac_write_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC
+ pflac->bufferpos = 0 ;
+
+ pflac->wbuffer = buffer ;
++ pflac->wbuffer_size = pflac->frame->header.blocksize ;
+
+ flac_buffer_copy (psf) ;
+
diff --git a/libsndfile-progs.spec b/libsndfile-progs.spec
index 4d94a60..a2cbbcb 100644
--- a/libsndfile-progs.spec
+++ b/libsndfile-progs.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile-progs
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
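Review bot: In the `flac_buffer_copy` hunk of the added patch (`src/flac.c`, `@@ -188,6 +189,12 @@`), the new `psf_log_printf` call passes four arguments (`__func__, __LINE__, frame->header.blocksize, pflac->wbuffer_size`) to a format string with only two `%d` conversions, so the log will most likely show the function-name pointer and the line number instead of the two sizes, which are the values needed when triaging a file rejected by this bounds check. Dropping the first two arguments fixes it: `psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > pflac->wbuffer_size (%d)\n", frame->header.blocksize, pflac->wbuffer_size) ;`. The context line just below has the same mismatch for the channels check, and unlike the new block it only logs and does not return; whether a later guard covers that case is not visible here, because the body of `flac_buffer_copy` continues outside the hunk. Since this file is a carried copy of an upstream commit, the correction is better sent upstream than edited into the patch locally.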
diff --git a/libsndfile.changes b/libsndfile.changes
index d6e3a36..7dfd574 100644
--- a/libsndfile.changes
+++ b/libsndfile.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Mon Jan 3 08:35:12 CET 2022 - tiwai@suse.de
+
+- Fix heap buffer overflow in flac_buffer_copy (CVE-2021-4156,
+ bsc#1194006):
+ libsndfile-CVE-2021-4156.patch
+
 -------------------------------------------------------------------
 Fri Jul 23 12:59:11 CEST 2021 - tiwai@suse.de
 
diff --git a/libsndfile.spec b/libsndfile.spec
index 53222c4..dc74b59 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libsndfile
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2022 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -30,6 +30,7 @@ Source2: %{name}.keyring
 Source3: baselibs.conf
 Patch34: sndfile-deinterlace-channels-check.patch
 Patch35: ms_adpcm-Fix-and-extend-size-checks.patch
+Patch40: libsndfile-CVE-2021-4156.patch
 # PATCH-FIX-OPENSUSE
 Patch100: sndfile-ocloexec.patch
 BuildRequires: cmake