pool/libsndfile
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libsndfile?expand=0&rev=4

Browse Source
This commit is contained in:
OBS User unknown 2007-09-25 19:12:55 +00:00 committed by Git OBS Bridge
parent 8d8f773a4a
commit d70d0f76c3
3 changed files with 52 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
libsndfile-1.0.17-flac-buffer-overflow.patch Normal file
View File

@ -0,0 +1,38 @@
--- src/flac.c-dist 2007-09-20 15:19:03.000000000 +0200
+++ src/flac.c 2007-09-20 15:19:45.000000000 +0200
@@ -50,7 +50,7 @@ flac_open (SF_PRIVATE *psf)
** Private static functions.
*/
-#define ENC_BUFFER_SIZE 4096
+#define ENC_BUFFER_SIZE 8192
typedef enum
{ PFLAC_PCM_SHORT = 0,
@@ -172,6 +172,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
const FLAC__int32* const *buffer = pflac->wbuffer ;
unsigned i = 0, j, offset ;
+ /*
+ ** frame->header.blocksize is variable and we're using a constant blocksize
+ ** of FLAC__MAX_BLOCK_SIZE.
+ ** Check our assumptions here.
+ */
+ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
+ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
+ psf->error = SFE_INTERNAL ;
+ return 0 ;
+ } ;
+
if (pflac->ptr == NULL)
{ /*
** Not sure why this code is here and not elsewhere.
@@ -180,7 +191,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
pflac->bufferbackup = SF_TRUE ;
for (i = 0 ; i < frame->header.channels ; i++)
{ if (pflac->rbuffer [i] == NULL)
- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
+ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
} ;
pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;

6
libsndfile.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Thu Sep 20 15:22:45 CEST 2007 - tiwai@suse.de
- VUL-0: Heap-based buffer overflow in flac.c (#326070,
CVE-2007-4974)
-------------------------------------------------------------------
Mon Apr 16 13:56:20 CEST 2007 - tiwai@suse.de

12
libsndfile.spec
View File

@ -14,15 +14,16 @@ Name: libsndfile
BuildRequires: alsa-devel flac-devel gcc-c++ libstdc++-devel pkgconfig sqlite-devel
Summary: A Library to Handle Various Audio File Formats
Version: 1.0.17
Release: 36
License: GNU Library General Public License v. 2.0 and 2.1 (LGPL)
Release: 80
License: LGPL v2 or later
Group: System/Libraries
Obsoletes: libsnd
Provides: libsnd
Source: libsndfile-%{version}.tar.bz2
Patch: libsndfile-flac-1.1.4-fix.diff
Patch1: libsndfile-ac.diff
URL: http://www.mega-nerd.com/libsndfile/
Patch2: libsndfile-1.0.17-flac-buffer-overflow.patch
Url: http://www.mega-nerd.com/libsndfile/
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -88,6 +89,7 @@ Authors:
%setup
%patch
%patch1
%patch2
%build
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter
@ -143,8 +145,10 @@ test "$RPM_BUILD_ROOT" != "/" -a -d "$RPM_BUILD_ROOT" && rm -rf $RPM_BUILD_ROOT
%{_datadir}/octave/site/m/sndfile_load.m
%{_datadir}/octave/site/m/sndfile_play.m
%{_datadir}/octave/site/m/sndfile_save.m
%changelog
* Thu Sep 20 2007 - tiwai@suse.de
- VUL-0: Heap-based buffer overflow in flac.c (#326070,
CVE-2007-4974)
* Mon Apr 16 2007 - tiwai@suse.de
- Move docs and manpages to appropriate sub-packages (#264820)
- Remove static library (#264820)