Accepting request 621331 from multimedia:libs

OBS-URL: https://build.opensuse.org/request/show/621331
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=55

libsndfile.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Jul  6 14:11:47 CEST 2018 - tiwai@suse.de
+
+- Fix buffer overflow in sndfile-deinterlace, which isn't really a
+  security issue (bsc#1100167, CVE-2018-13139):
+  sndfile-deinterlace-channels-check.patch
+
 -------------------------------------------------------------------
 Fri Jun  8 14:49:18 CEST 2018 - tiwai@suse.de
 

libsndfile.spec

@@ -39,6 +39,7 @@ Patch31:        0031-sfe_copy_data_fp-check-value-of-max-variable.patch
 # not yet upstreamed
 Patch32:        libsndfile-CVE-2017-17456-alaw-range-check.patch
 Patch33:        libsndfile-CVE-2017-17457-ulaw-range-check.patch
+Patch34:        sndfile-deinterlace-channels-check.patch
 # PATCH-FIX-OPENSUSE
 Patch100:       sndfile-ocloexec.patch
 BuildRequires:  alsa-devel
@@ -94,6 +95,7 @@ libsndfile library.
 %patch31 -p1
 %patch32 -p1
 %patch33 -p1
+%patch34 -p1
 %patch100 -p1
 
 %build

sndfile-deinterlace-channels-check.patch

@@ -0,0 +1,16 @@
+diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
+index 5366031075ab..712cb96cda76 100644
+--- a/programs/sndfile-deinterleave.c
++++ b/programs/sndfile-deinterleave.c
+@@ -89,6 +89,11 @@ main (int argc, char **argv)
+ 		exit (1) ;
+ 		} ;
+ 
++	if (sfinfo.channels > MAX_CHANNELS)
++	{	printf ("\nError : Too many channels %d in input file '%s'.\n", sfinfo.channels, argv[1]) ;
++		exit (1) ;
++		}
++
+ 	state.channels = sfinfo.channels ;
+ 	sfinfo.channels = 1 ;
+