Accepting request 342399 from home:tiwai:branches:multimedia:libs

- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
  libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch

OBS-URL: https://build.opensuse.org/request/show/342399
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libsndfile?expand=0&rev=47
2015-11-04 11:46:08 +00:00
committed by Git OBS Bridge
parent 71391ae307
commit df7aaec981
3 changed files with 31 additions and 0 deletions


@@ -0,0 +1,22 @@
From 725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 24 Dec 2014 21:02:35 +1100
Subject: [PATCH] src/file_io.c : Prevent potential divide-by-zero.
Closes: https://github.com/erikd/libsndfile/issues/92
---
src/file_io.c | 3 +++
1 file changed, 3 insertions(+)
--- a/src/file_io.c
+++ b/src/file_io.c
@@ -358,6 +358,9 @@ psf_fwrite (const void *ptr, sf_count_t
{ sf_count_t total = 0 ;
ssize_t count ;
+ if (bytes == 0 || items == 0)
+ return 0 ;
+
if (psf->virtual_io)
return psf->vio.write (ptr, bytes*items, psf->vio_user_data) / bytes ;
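Review bot: The new early return in psf_fwrite gives 0 for `bytes == 0` as well as for `items == 0`, so any caller that compares the result with `items` will read a zero element size as a short write rather than as a bad argument. A one-line comment above `if (bytes == 0 || items == 0)` stating that 0 here means "nothing to write" would make that intent explicit. The placement is correct: the check runs before the `psf->virtual_io` branch, which is where `/ bytes` is evaluated. Since the hunk touches only psf_fwrite, it is also worth checking whether other functions in src/file_io.c divide by a caller-supplied size in the same way and need the same guard.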


@@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Nov 4 11:38:16 CET 2015 - tiwai@suse.de
- VUL-1: libsndfile DoS/divide-by-zero (CVE-2014-9756, bsc#953521):
libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
-------------------------------------------------------------------
Sat Mar 21 08:12:34 UTC 2015 - mpluskal@suse.com


@@ -37,6 +37,8 @@ Patch2: sndfile-ocloexec.patch
Patch3: sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch
# PATCH-FIX-UPSTREAM CVE-2014-9496 bnc#911796
Patch4: sndfile-src-sd2.c-Fix-two-potential-buffer-read-overflows.patch
# PATCH-FIX-UPSTREAM CVE-2014-9756 bsc#953521
Patch5: libsndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch
BuildRequires: alsa-devel
BuildRequires: flac-devel
BuildRequires: gcc-c++
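Review bot: The Patch5 file name uses a `libsndfile-` prefix while Patch2 through Patch4 use `sndfile-` (for example `sndfile-src-sd2.c-Fix-segfault-in-SD2-RSRC-parser.patch`), so the new patch sorts apart from the existing ones in the package directory. Consider renaming it to `sndfile-src-file_io.c-Prevent-potential-divide-by-zero.patch` for consistency, updating the changelog entry to match. The `# PATCH-FIX-UPSTREAM CVE-2014-9756 bsc#953521` tag line follows the form already used for Patch4 and is fine as it stands.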
@@ -87,6 +89,7 @@ libsndfile library.
%patch2
%patch3 -p1
%patch4 -p1
%patch5 -p1
%build
%define warn_flags -W -Wall -Wstrict-prototypes -Wpointer-arith -Wno-unused-parameter