From 2c538a18aae144c2c56e79fdd12eeb998982d5b7641ac4938fa12ef9c875a783 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Fri, 6 Jul 2018 12:28:14 +0000 Subject: [PATCH] Accepting request 621327 from home:tiwai:branches:multimedia:libs - Fix buffer overflow in sndfile-deinterlace, which isn't really a security issue (bsc#1100167, CVE-2018-13139): sndfile-deinterlace-channels-check.patch OBS-URL: https://build.opensuse.org/request/show/621327 OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=68
---
libsndfile.changes | 7 +++++++ libsndfile.spec | 2 ++ sndfile-deinterlace-channels-check.patch | 16 ++++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 sndfile-deinterlace-channels-check.patch
diff --git a/libsndfile.changes b/libsndfile.changes
index 2d6bbb1..f00de06 100644
--- a/libsndfile.changes
+++ b/libsndfile.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jul 6 14:11:47 CEST 2018 - tiwai@suse.de
+
+- Fix buffer overflow in sndfile-deinterlace, which isn't really a
+ security issue (bsc#1100167, CVE-2018-13139):
+ sndfile-deinterlace-channels-check.patch
+
 -------------------------------------------------------------------
 Fri Jun 8 14:49:18 CEST 2018 - tiwai@suse.de
 
diff --git a/libsndfile.spec b/libsndfile.spec
index 421038b..dcb3a45 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -39,6 +39,7 @@ Patch31: 0031-sfe_copy_data_fp-check-value-of-max-variable.patch
 # not yet upstreamed
 Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch
 Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch
+Patch34: sndfile-deinterlace-channels-check.patch
 # PATCH-FIX-OPENSUSE
 Patch100: sndfile-ocloexec.patch
 BuildRequires: alsa-devel
@@ -94,6 +95,7 @@ libsndfile library.
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
+%patch34 -p1
 %patch100 -p1
 
 %build
diff --git a/sndfile-deinterlace-channels-check.patch b/sndfile-deinterlace-channels-check.patch
new file mode 100644
index 0000000..ec7a8b5
--- /dev/null
+++ b/sndfile-deinterlace-channels-check.patch
@@ -0,0 +1,16 @@
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 5366031075ab..712cb96cda76 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,11 @@ main (int argc, char **argv)
+ exit (1) ;
+ } ;
+
++ if (sfinfo.channels > MAX_CHANNELS)
++ { printf ("\nError : Too many channels %d in input file '%s'.\n", sfinfo.channels, argv[1]) ;
++ exit (1) ;
++ }
++
+ state.channels = sfinfo.channels ;
+ sfinfo.channels = 1 ;
+
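Review bot: The added `sfinfo.channels > MAX_CHANNELS` check in `main` of programs/sndfile-deinterleave.c carries no comment saying what it protects, and neither `MAX_CHANNELS` nor the per-channel storage it presumably sizes is visible in the hunk, so the bound cannot be verified from here; a line such as `/* channel count comes from the input file; per-channel state holds at most MAX_CHANNELS entries */` above the `if` would record the invariant once it has been confirmed against the declarations. The message is printed with `printf`, so it goes to stdout and does not name the limit; `fprintf (stderr, "\nError : Too many channels %d in input file '%s' (limit %d).\n", sfinfo.channels, argv [1], MAX_CHANNELS) ;` would be easier to act on, unless the rest of the tool deliberately reports errors on stdout. `main` begins and ends outside the hunk, so whether the block that closes just above the new check already rejects a count below two is not shown either. The patch file itself starts directly at `diff --git`; a short header naming bsc#1100167 and CVE-2018-13139 would tie it to the report.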