Package: libsndfile / 1.0.28-6

CVE-2017-8362.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
From: Erik de Castro Lopez <erikd@mega-nerd.com>
Date: Sun, 28 May 2017 00:00:00 +0200
Subject: fixed yet another buffer read overflow in FLAC code

Origin: upstream
Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808

CVE-2017-8362
Last-Update: 2017-05-28
---
 src/flac.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/flac.c b/src/flac.c
index 5a4f8c2..e4f9aaa 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
 	const int32_t* const *buffer = pflac->wbuffer ;
 	unsigned i = 0, j, offset, channels, len ;
 
+	if (psf->sf.channels != (int) frame->header.channels)
+	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+									"Nothing to do but to error out.\n" ,
+									psf->sf.channels, frame->header.channels) ;
+		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+		return 0 ;
+		} ;
+
 	/*
 	**	frame->header.blocksize is variable and we're using a constant blocksize
 	**	of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
 		return 0 ;
 		} ;
 
-
 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
 
 	if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
 	{	case FLAC__METADATA_TYPE_STREAMINFO :
 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-									"Nothing to be but to error out.\n" ,
+									"Nothing to do but to error out.\n" ,
 									psf->sf.channels, metadata->data.stream_info.channels) ;
 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
 				return ;