rpms
/
libsndfile
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import libsndfile-1.0.28-16.el8_10

Browse Source
c8 imports/c8/libsndfile-1.0.28-16.el8_10
MSVSphere Packaging Team 2 months ago
parent 318aa7e3bc
commit 77ad3dba90
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8
4 changed files with 783 additions and 13 deletions
Show Stats Download Patch File Download Diff File

67
SOURCES/libsndfile-1.0.28-cve-2024-50612prereq.patch
Unescape View File

@ -0,0 +1,67 @@
diff -up libsndfile-1.0.28/src/ogg.c.cve-2024-50612prereq libsndfile-1.0.28/src/ogg.c
--- libsndfile-1.0.28/src/ogg.c.cve-2024-50612prereq 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/ogg.c 2024-11-26 15:06:33.595446443 +0100
@@ -45,6 +45,16 @@ static int ogg_stream_classify (SF_PRIVA
static int ogg_page_classify (SF_PRIVATE * psf, const ogg_page * og) ;
int
+ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+{ int bytes ;
+
+ bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+ bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
+
+ return bytes == page->header_len + page->body_len ;
+} /* ogg_write_page */
+
+int
ogg_open (SF_PRIVATE *psf)
{ OGG_PRIVATE* odata = calloc (1, sizeof (OGG_PRIVATE)) ;
sf_count_t pos = psf_ftell (psf) ;
diff -up libsndfile-1.0.28/src/ogg.h.cve-2024-50612prereq libsndfile-1.0.28/src/ogg.h
--- libsndfile-1.0.28/src/ogg.h.cve-2024-50612prereq 2024-11-26 15:06:45.023560621 +0100
+++ libsndfile-1.0.28/src/ogg.h 2024-11-26 15:06:57.731687587 +0100
@@ -48,5 +48,10 @@ typedef struct
(buf [base] & 0xff))
+/*
+** Write the whole Ogg page out. Convenience function as the ogg_page struct
+** splits header and body data into separate buffers.
+*/
+int ogg_write_page (SF_PRIVATE *, ogg_page *) ;
#endif /* SF_SRC_OGG_H */
diff -up libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612prereq libsndfile-1.0.28/src/ogg_vorbis.c
--- libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612prereq 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/ogg_vorbis.c 2024-11-26 15:06:33.595446443 +0100
@@ -423,8 +423,7 @@ vorbis_write_header (SF_PRIVATE *psf, in
* audio data will start on a new page, as per spec
*/
while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
- { psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ;
- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ;
+ { ogg_write_page (psf, &odata->opage) ;
} ;
}
@@ -463,8 +462,7 @@ vorbis_close (SF_PRIVATE *psf)
while (!odata->eos)
{ int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
if (result == 0) break ;
- psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ;
- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ;
+ ogg_write_page (psf, &odata->opage) ;
/* this could be set above, but for illustrative purposes, I do
it here (to show that vorbis does know where the stream ends) */
@@ -778,8 +776,7 @@ vorbis_write_samples (SF_PRIVATE *psf, O
{ int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
if (result == 0)
break ;
- psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ;
- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ;
+ ogg_write_page (psf, &odata->opage) ;
/* This could be set above, but for illustrative purposes, I do
** it here (to show that vorbis does know where the stream ends) */

362
SOURCES/libsndfile-1.0.31-pullrequest979.patch
Unescape View File

@ -0,0 +1,362 @@
diff -up libsndfile-1.0.28/src/aiff.c.pullrequest979 libsndfile-1.0.28/src/aiff.c
--- libsndfile-1.0.28/src/aiff.c.pullrequest979 2023-11-01 23:49:50.232622966 +0100
+++ libsndfile-1.0.28/src/aiff.c 2023-11-01 23:49:50.246623108 +0100
@@ -1822,7 +1822,7 @@ static int
aiff_read_basc_chunk (SF_PRIVATE * psf, int datasize)
{ const char * type_str ;
basc_CHUNK bc ;
- int count ;
+ sf_count_t count ;
count = psf_binheader_readf (psf, "E442", &bc.version, &bc.numBeats, &bc.rootNote) ;
count += psf_binheader_readf (psf, "E222", &bc.scaleType, &bc.sigNumerator, &bc.sigDenominator) ;
diff -up libsndfile-1.0.28/src/au.c.pullrequest979 libsndfile-1.0.28/src/au.c
--- libsndfile-1.0.28/src/au.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/au.c 2023-11-01 23:49:50.246623108 +0100
@@ -291,6 +291,7 @@ static int
au_read_header (SF_PRIVATE *psf)
{ AU_FMT au_fmt ;
int marker, dword ;
+ sf_count_t data_end ;
memset (&au_fmt, 0, sizeof (au_fmt)) ;
psf_binheader_readf (psf, "pm", 0, &marker) ;
@@ -317,14 +318,15 @@ au_read_header (SF_PRIVATE *psf)
return SFE_AU_EMBED_BAD_LEN ;
} ;
+ data_end = (sf_count_t) au_fmt.dataoffset + (sf_count_t) au_fmt.datasize ;
if (psf->fileoffset > 0)
- { psf->filelength = au_fmt.dataoffset + au_fmt.datasize ;
+ { psf->filelength = data_end ;
psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ;
}
- else if (au_fmt.datasize == -1 || au_fmt.dataoffset + au_fmt.datasize == psf->filelength)
+ else if (au_fmt.datasize == -1 || data_end == psf->filelength)
psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ;
- else if (au_fmt.dataoffset + au_fmt.datasize < psf->filelength)
- { psf->filelength = au_fmt.dataoffset + au_fmt.datasize ;
+ else if (data_end < psf->filelength)
+ { psf->filelength = data_end ;
psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ;
}
else
diff -up libsndfile-1.0.28/src/avr.c.pullrequest979 libsndfile-1.0.28/src/avr.c
--- libsndfile-1.0.28/src/avr.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/avr.c 2023-11-01 23:49:50.246623108 +0100
@@ -164,7 +164,7 @@ avr_read_header (SF_PRIVATE *psf)
psf->endian = SF_ENDIAN_BIG ;
psf->dataoffset = AVR_HDR_SIZE ;
- psf->datalength = hdr.frames * (hdr.rez / 8) ;
+ psf->datalength = (sf_count_t) hdr.frames * (hdr.rez / 8) ;
if (psf->fileoffset > 0)
psf->filelength = AVR_HDR_SIZE + psf->datalength ;
diff -up libsndfile-1.0.28/src/common.c.pullrequest979 libsndfile-1.0.28/src/common.c
--- libsndfile-1.0.28/src/common.c.pullrequest979 2023-11-01 23:49:50.237623017 +0100
+++ libsndfile-1.0.28/src/common.c 2023-11-01 23:50:00.446727012 +0100
@@ -18,6 +18,7 @@
#include <config.h>
+#include <limits.h>
#include <stdarg.h>
#include <string.h>
#if HAVE_UNISTD_H
@@ -975,6 +976,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
double *doubleptr ;
char c ;
int byte_count = 0, count = 0 ;
+ int read_bytes = 0 ;
if (! format)
return psf_ftell (psf) ;
@@ -983,6 +985,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
while ((c = *format++))
{
+ read_bytes = 0 ;
if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16))
{
va_end (argptr) ;
@@ -1002,7 +1005,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
ucptr = (unsigned char*) intptr ;
- byte_count += header_read (psf, ucptr, sizeof (int)) ;
+ read_bytes = header_read (psf, ucptr, sizeof (int)) ;
*intptr = GET_MARKER (ucptr) ;
break ;
@@ -1010,7 +1013,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
ucptr = (unsigned char*) intptr ;
- byte_count += header_read (psf, sixteen_bytes, sizeof (sixteen_bytes)) ;
+ read_bytes = header_read (psf, sixteen_bytes, sizeof (sixteen_bytes)) ;
{ int k ;
intdata = 0 ;
for (k = 0 ; k < 16 ; k++)
@@ -1022,14 +1025,14 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case '1' :
charptr = va_arg (argptr, char*) ;
*charptr = 0 ;
- byte_count += header_read (psf, charptr, sizeof (char)) ;
+ read_bytes = header_read (psf, charptr, sizeof (char)) ;
break ;
case '2' : /* 2 byte value with the current endian-ness */
shortptr = va_arg (argptr, unsigned short*) ;
*shortptr = 0 ;
ucptr = (unsigned char*) shortptr ;
- byte_count += header_read (psf, ucptr, sizeof (short)) ;
+ read_bytes = header_read (psf, ucptr, sizeof (short)) ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
*shortptr = GET_BE_SHORT (ucptr) ;
else
@@ -1039,7 +1042,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case '3' : /* 3 byte value with the current endian-ness */
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
- byte_count += header_read (psf, sixteen_bytes, 3) ;
+ read_bytes = header_read (psf, sixteen_bytes, 3) ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
*intptr = GET_BE_3BYTE (sixteen_bytes) ;
else
@@ -1050,7 +1053,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
ucptr = (unsigned char*) intptr ;
- byte_count += header_read (psf, ucptr, sizeof (int)) ;
+ read_bytes = header_read (psf, ucptr, sizeof (int)) ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
*intptr = psf_get_be32 (ucptr, 0) ;
else
@@ -1060,7 +1063,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case '8' : /* 8 byte value with the current endian-ness */
countptr = va_arg (argptr, sf_count_t *) ;
*countptr = 0 ;
- byte_count += header_read (psf, sixteen_bytes, 8) ;
+ read_bytes = header_read (psf, sixteen_bytes, 8) ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
countdata = psf_get_be64 (sixteen_bytes, 0) ;
else
@@ -1071,7 +1074,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'f' : /* Float conversion */
floatptr = va_arg (argptr, float *) ;
*floatptr = 0.0 ;
- byte_count += header_read (psf, floatptr, sizeof (float)) ;
+ read_bytes = header_read (psf, floatptr, sizeof (float)) ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
*floatptr = float32_be_read ((unsigned char*) floatptr) ;
else
@@ -1081,7 +1084,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'd' : /* double conversion */
doubleptr = va_arg (argptr, double *) ;
*doubleptr = 0.0 ;
- byte_count += header_read (psf, doubleptr, sizeof (double)) ;
+ read_bytes = header_read (psf, doubleptr, sizeof (double)) ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
*doubleptr = double64_be_read ((unsigned char*) doubleptr) ;
else
@@ -1105,7 +1108,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
charptr = va_arg (argptr, char*) ;
count = va_arg (argptr, size_t) ;
memset (charptr, 0, count) ;
- byte_count += header_read (psf, charptr, count) ;
+ read_bytes = header_read (psf, charptr, count) ;
break ;
case 'G' :
@@ -1119,7 +1122,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
return count ;
} ;
- byte_count += header_gets (psf, charptr, count) ;
+ read_bytes = header_gets (psf, charptr, count) ;
break ;
case 'z' :
@@ -1143,7 +1146,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'j' : /* Seek to position from current position. */
count = va_arg (argptr, size_t) ;
header_seek (psf, count, SEEK_CUR) ;
- byte_count += count ;
+ read_bytes = count ;
break ;
default :
@@ -1151,8 +1154,17 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
psf->error = SFE_INTERNAL ;
break ;
} ;
+
+ if (read_bytes > 0 && byte_count > (INT_MAX - read_bytes))
+ { psf_log_printf (psf, "Header size exceeds INT_MAX. Aborting.", c) ;
+ psf->error = SFE_INTERNAL ;
+ break ;
+ } else
+ { byte_count += read_bytes ;
} ;
+ } ; /*end while*/
+
va_end (argptr) ;
return byte_count ;
diff -up libsndfile-1.0.28/src/common.h.pullrequest979 libsndfile-1.0.28/src/common.h
--- libsndfile-1.0.28/src/common.h.pullrequest979 2023-11-01 23:49:50.230622945 +0100
+++ libsndfile-1.0.28/src/common.h 2023-11-01 23:49:50.246623108 +0100
@@ -467,7 +467,7 @@ typedef struct sf_private_tag
sf_count_t datalength ; /* Length in bytes of the audio data. */
sf_count_t dataend ; /* Offset to file tailer. */
- int blockwidth ; /* Size in bytes of one set of interleaved samples. */
+ sf_count_t blockwidth ; /* Size in bytes of one set of interleaved samples. */
int bytewidth ; /* Size in bytes of one sample (one channel). */
void *dither ;
diff -up libsndfile-1.0.28/src/ima_adpcm.c.pullrequest979 libsndfile-1.0.28/src/ima_adpcm.c
--- libsndfile-1.0.28/src/ima_adpcm.c.pullrequest979 2016-09-10 10:08:27.000000000 +0200
+++ libsndfile-1.0.28/src/ima_adpcm.c 2023-11-01 23:49:50.247623119 +0100
@@ -233,7 +233,7 @@ ima_reader_init (SF_PRIVATE *psf, int bl
case SF_FORMAT_AIFF :
psf_log_printf (psf, "still need to check block count\n") ;
pima->decode_block = aiff_ima_decode_block ;
- psf->sf.frames = pima->samplesperblock * pima->blocks / pima->channels ;
+ psf->sf.frames = (sf_count_t) pima->samplesperblock * pima->blocks / pima->channels ;
break ;
default :
diff -up libsndfile-1.0.28/src/ircam.c.pullrequest979 libsndfile-1.0.28/src/ircam.c
--- libsndfile-1.0.28/src/ircam.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/ircam.c 2023-11-01 23:49:50.247623119 +0100
@@ -171,35 +171,35 @@ ircam_read_header (SF_PRIVATE *psf)
switch (encoding)
{ case IRCAM_PCM_16 :
psf->bytewidth = 2 ;
- psf->blockwidth = psf->sf.channels * psf->bytewidth ;
+ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ;
psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_PCM_16 ;
break ;
case IRCAM_PCM_32 :
psf->bytewidth = 4 ;
- psf->blockwidth = psf->sf.channels * psf->bytewidth ;
+ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ;
psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_PCM_32 ;
break ;
case IRCAM_FLOAT :
psf->bytewidth = 4 ;
- psf->blockwidth = psf->sf.channels * psf->bytewidth ;
+ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ;
psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_FLOAT ;
break ;
case IRCAM_ALAW :
psf->bytewidth = 1 ;
- psf->blockwidth = psf->sf.channels * psf->bytewidth ;
+ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ;
psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_ALAW ;
break ;
case IRCAM_ULAW :
psf->bytewidth = 1 ;
- psf->blockwidth = psf->sf.channels * psf->bytewidth ;
+ psf->blockwidth = (sf_count_t) psf->sf.channels * psf->bytewidth ;
psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_ULAW ;
break ;
diff -up libsndfile-1.0.28/src/mat4.c.pullrequest979 libsndfile-1.0.28/src/mat4.c
--- libsndfile-1.0.28/src/mat4.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/mat4.c 2023-11-01 23:49:50.247623119 +0100
@@ -104,7 +104,7 @@ mat4_open (SF_PRIVATE *psf)
psf->container_close = mat4_close ;
- psf->blockwidth = psf->bytewidth * psf->sf.channels ;
+ psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ;
switch (subformat)
{ case SF_FORMAT_PCM_16 :
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
}
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
diff -up libsndfile-1.0.28/src/mat5.c.pullrequest979 libsndfile-1.0.28/src/mat5.c
--- libsndfile-1.0.28/src/mat5.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/mat5.c 2023-11-01 23:49:50.247623119 +0100
@@ -114,7 +114,7 @@ mat5_open (SF_PRIVATE *psf)
psf->container_close = mat5_close ;
- psf->blockwidth = psf->bytewidth * psf->sf.channels ;
+ psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ;
switch (subformat)
{ case SF_FORMAT_PCM_U8 :
diff -up libsndfile-1.0.28/src/pcm.c.pullrequest979 libsndfile-1.0.28/src/pcm.c
--- libsndfile-1.0.28/src/pcm.c.pullrequest979 2017-04-02 08:33:16.000000000 +0200
+++ libsndfile-1.0.28/src/pcm.c 2023-11-01 23:49:50.247623119 +0100
@@ -125,7 +125,7 @@ pcm_init (SF_PRIVATE *psf)
return SFE_INTERNAL ;
} ;
- psf->blockwidth = psf->bytewidth * psf->sf.channels ;
+ psf->blockwidth = (sf_count_t) psf->bytewidth * psf->sf.channels ;
if ((SF_CODEC (psf->sf.format)) == SF_FORMAT_PCM_S8)
chars = SF_CHARS_SIGNED ;
diff -up libsndfile-1.0.28/src/rf64.c.pullrequest979 libsndfile-1.0.28/src/rf64.c
--- libsndfile-1.0.28/src/rf64.c.pullrequest979 2023-11-01 23:49:50.229622935 +0100
+++ libsndfile-1.0.28/src/rf64.c 2023-11-01 23:49:50.248623129 +0100
@@ -242,7 +242,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
} ;
} ;
- if (psf->filelength != riff_size + 8)
+ if (psf->filelength - 8 != riff_size)
psf_log_printf (psf, " Riff size : %D (should be %D)\n", riff_size, psf->filelength - 8) ;
else
psf_log_printf (psf, " Riff size : %D\n", riff_size) ;
diff -up libsndfile-1.0.28/src/sds.c.pullrequest979 libsndfile-1.0.28/src/sds.c
--- libsndfile-1.0.28/src/sds.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/sds.c 2023-11-01 23:49:50.248623129 +0100
@@ -454,7 +454,7 @@ sds_2byte_read (SF_PRIVATE *psf, SDS_PRI
ucptr = psds->read_data + 5 ;
for (k = 0 ; k < 120 ; k += 2)
- { sample = arith_shift_left (ucptr [k], 25) + arith_shift_left (ucptr [k + 1], 18) ;
+ { sample = arith_shift_left (ucptr [k], 25) | arith_shift_left (ucptr [k + 1], 18) ;
psds->read_samples [k / 2] = (int) (sample - 0x80000000) ;
} ;
@@ -498,7 +498,7 @@ sds_3byte_read (SF_PRIVATE *psf, SDS_PRI
ucptr = psds->read_data + 5 ;
for (k = 0 ; k < 120 ; k += 3)
- { sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) ;
+ { sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) ;
psds->read_samples [k / 3] = (int) (sample - 0x80000000) ;
} ;
@@ -542,7 +542,7 @@ sds_4byte_read (SF_PRIVATE *psf, SDS_PRI
ucptr = psds->read_data + 5 ;
for (k = 0 ; k < 120 ; k += 4)
- { sample = (((uint32_t) ucptr [k]) << 25) + (ucptr [k + 1] << 18) + (ucptr [k + 2] << 11) + (ucptr [k + 3] << 4) ;
+ { sample = (((uint32_t) ucptr [k]) << 25) | (ucptr [k + 1] << 18) | (ucptr [k + 2] << 11) | (ucptr [k + 3] << 4) ;
psds->read_samples [k / 4] = (int) (sample - 0x80000000) ;
} ;

324
SOURCES/libsndfile-1.2.2-cve-2024-50612.patch
Unescape View File

@ -0,0 +1,324 @@
diff -up libsndfile-1.0.28/src/ogg.c.cve-2024-50612 libsndfile-1.0.28/src/ogg.c
--- libsndfile-1.0.28/src/ogg.c.cve-2024-50612 2024-11-25 23:52:41.158759323 +0100
+++ libsndfile-1.0.28/src/ogg.c 2024-11-25 23:53:45.520411291 +0100
@@ -46,12 +46,16 @@ static int ogg_page_classify (SF_PRIVATE
int
ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
-{ int bytes ;
+{ int n ;
- bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
- bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
+ n = psf_fwrite (page->header, 1, page->header_len, psf) ;
+ if (n == page->header_len)
+ n += psf_fwrite (page->body, 1, page->body_len, psf) ;
- return bytes == page->header_len + page->body_len ;
+ if (n != page->body_len + page->header_len)
+ return -1 ;
+
+ return n ;
} /* ogg_write_page */
int
diff -up libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612 libsndfile-1.0.28/src/ogg_vorbis.c
--- libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612 2024-11-25 23:52:41.156759303 +0100
+++ libsndfile-1.0.28/src/ogg_vorbis.c 2024-11-26 00:01:45.724339005 +0100
@@ -76,25 +76,6 @@
#include "ogg.h"
-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
-
-static int vorbis_read_header (SF_PRIVATE *psf, int log_data) ;
-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
-static int vorbis_close (SF_PRIVATE *psf) ;
-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
-static int vorbis_byterate (SF_PRIVATE *psf) ;
-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
-static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
-static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
-static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
-static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
-static sf_count_t vorbis_length (SF_PRIVATE *psf) ;
-
typedef struct
{ int id ;
const char *name ;
@@ -129,6 +110,42 @@ typedef struct
double quality ;
} VORBIS_PRIVATE ;
+typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+
+static int vorbis_read_header (SF_PRIVATE *psf, int log_data) ;
+static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+static int vorbis_close (SF_PRIVATE *psf) ;
+static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+static int vorbis_byterate (SF_PRIVATE *psf) ;
+static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
+static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ;
+static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ;
+static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ;
+static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ;
+static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+static sf_count_t vorbis_length (SF_PRIVATE *psf) ;
+static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
+static void vorbis_log_error (SF_PRIVATE *psf, int error) ;
+
+
+static void
+vorbis_log_error(SF_PRIVATE *psf, int error) {
+ switch (error)
+ { case 0: return;
+ case OV_EIMPL: psf->error = SFE_UNIMPLEMENTED ; break ;
+ case OV_ENOTVORBIS: psf->error = SFE_MALFORMED_FILE ; break ;
+ case OV_EBADHEADER: psf->error = SFE_MALFORMED_FILE ; break ;
+ case OV_EVERSION: psf->error = SFE_UNSUPPORTED_ENCODING ; break ;
+ case OV_EFAULT:
+ case OV_EINVAL:
+ default: psf->error = SFE_INTERNAL ;
+ } ;
+} ;
+
static int
vorbis_read_header (SF_PRIVATE *psf, int log_data)
{
@@ -412,7 +429,6 @@ vorbis_write_header (SF_PRIVATE *psf, in
{ ogg_packet header ;
ogg_packet header_comm ;
ogg_packet header_code ;
- int result ;
vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
@@ -422,9 +438,9 @@ vorbis_write_header (SF_PRIVATE *psf, in
/* This ensures the actual
* audio data will start on a new page, as per spec
*/
- while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
- { ogg_write_page (psf, &odata->opage) ;
- } ;
+ while (ogg_stream_flush (&odata->ostream, &odata->opage))
+ if (ogg_write_page (psf, &odata->opage) < 0)
+ return -1 ;
}
return 0 ;
@@ -434,6 +450,7 @@ static int
vorbis_close (SF_PRIVATE *psf)
{ OGG_PRIVATE* odata = psf->container_data ;
VORBIS_PRIVATE *vdata = psf->codec_data ;
+ int ret = 0 ;
if (odata == NULL || vdata == NULL)
return 0 ;
@@ -444,34 +461,14 @@ vorbis_close (SF_PRIVATE *psf)
if (psf->file.mode == SFM_WRITE)
{
if (psf->write_current <= 0)
- vorbis_write_header (psf, 0) ;
-
- vorbis_analysis_wrote (&vdata->vdsp, 0) ;
- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
- {
+ ret = vorbis_write_header (psf, 0) ;
- /* analysis, assume we want to use bitrate management */
- vorbis_analysis (&vdata->vblock, NULL) ;
- vorbis_bitrate_addblock (&vdata->vblock) ;
-
- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
- { /* weld the packet into the bitstream */
- ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
-
- /* write out pages (if any) */
- while (!odata->eos)
- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
- if (result == 0) break ;
- ogg_write_page (psf, &odata->opage) ;
-
- /* this could be set above, but for illustrative purposes, I do
- it here (to show that vorbis does know where the stream ends) */
-
- if (ogg_page_eos (&odata->opage)) odata->eos = 1 ;
- }
- }
- }
- }
+ if (ret == 0)
+ { /* A write of zero samples tells Vorbis the stream is done and to
+ flush. */
+ ret = vorbis_write_samples (psf, odata, vdata, 0) ;
+ } ;
+ } ;
/* ogg_page and ogg_packet structs always point to storage in
libvorbis. They are never freed or manipulated directly */
@@ -481,7 +478,7 @@ vorbis_close (SF_PRIVATE *psf)
vorbis_comment_clear (&vdata->vcomment) ;
vorbis_info_clear (&vdata->vinfo) ;
- return 0 ;
+ return ret ;
} /* vorbis_close */
int
@@ -750,33 +747,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *
/*==============================================================================
*/
-static void
+static int
vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames)
-{
- vorbis_analysis_wrote (&vdata->vdsp, in_frames) ;
+{ int ret ;
+
+ if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0)
+ return ret ;
/*
** Vorbis does some data preanalysis, then divvies up blocks for
** more involved (potentially parallel) processing. Get a single
** block for encoding now.
*/
- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1)
+ while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1)
{
/* analysis, assume we want to use bitrate management */
- vorbis_analysis (&vdata->vblock, NULL) ;
- vorbis_bitrate_addblock (&vdata->vblock) ;
+ if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0)
+ return ret ;
+ if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0)
+ return ret ;
- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket))
+ while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1)
{
/* weld the packet into the bitstream */
- ogg_stream_packetin (&odata->ostream, &odata->opacket) ;
+ if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0)
+ return ret ;
/* write out pages (if any) */
while (!odata->eos)
- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
- if (result == 0)
+ { ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
+ if (ret == 0)
break ;
- ogg_write_page (psf, &odata->opage) ;
+
+ if (ogg_write_page (psf, &odata->opage) < 0)
+ return -1 ;
/* This could be set above, but for illustrative purposes, I do
** it here (to show that vorbis does know where the stream ends) */
@@ -784,16 +788,22 @@ vorbis_write_samples (SF_PRIVATE *psf, O
odata->eos = 1 ;
} ;
} ;
+ if (ret != 0)
+ return ret ;
} ;
+ if (ret != 0)
+ return ret ;
vdata->loc += in_frames ;
+
+ return 0 ;
} /* vorbis_write_data */
static sf_count_t
vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
{
- int i, m, j = 0 ;
+ int i, m, j = 0, ret ;
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -802,14 +812,17 @@ vorbis_write_s (SF_PRIVATE *psf, const s
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
- vorbis_write_samples (psf, odata, vdata, in_frames) ;
+ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
+ { vorbis_log_error (psf, ret) ;
+ return 0 ;
+ } ;
return lens ;
} /* vorbis_write_s */
static sf_count_t
vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
-{ int i, m, j = 0 ;
+{ int i, m, j = 0, ret ;
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -818,14 +831,17 @@ vorbis_write_i (SF_PRIVATE *psf, const i
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
- vorbis_write_samples (psf, odata, vdata, in_frames) ;
+ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)))
+ { vorbis_log_error (psf, ret) ;
+ return 0 ;
+ } ;
return lens ;
} /* vorbis_write_i */
static sf_count_t
vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
-{ int i, m, j = 0 ;
+{ int i, m, j = 0, ret ;
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -834,14 +850,17 @@ vorbis_write_f (SF_PRIVATE *psf, const f
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = ptr [j++] ;
- vorbis_write_samples (psf, odata, vdata, in_frames) ;
+ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
+ { vorbis_log_error (psf, ret) ;
+ return 0 ;
+ } ;
return lens ;
} /* vorbis_write_f */
static sf_count_t
vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
-{ int i, m, j = 0 ;
+{ int i, m, j = 0, ret ;
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -850,7 +869,10 @@ vorbis_write_d (SF_PRIVATE *psf, const d
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = (float) ptr [j++] ;
- vorbis_write_samples (psf, odata, vdata, in_frames) ;
+ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0)
+ { vorbis_log_error (psf, ret) ;
+ return 0 ;
+ } ;
return lens ;
} /* vorbis_write_d */

43
SPECS/libsndfile.spec
Unescape View File

@ -1,7 +1,7 @@
Summary: Library for reading and writing sound files
Name: libsndfile
Version: 1.0.28
Release: 13%{?dist}
Release: 16%{?dist}
License: LGPLv2+ and GPLv2+ and BSD
Group: System Environment/Libraries
URL: http://www.mega-nerd.com/libsndfile/
@ -21,6 +21,11 @@ Patch9: libsndfile-1.0.28-cve_2018_19662.patch
# from upstream, for <= 1.0.31, rhbz#1985028
Patch10: libsndfile-1.0.31-deb669ee.patch
Patch11: libsndfile-1.0.31-ced91d7b.patch
# from upstream, fix #RHEL-3750, for <= 1.2.2
Patch12: libsndfile-1.0.31-pullrequest979.patch
# from upstream, for <= 1.2.2, #RHEL-65095
Patch13: libsndfile-1.0.28-cve-2024-50612prereq.patch
Patch14: libsndfile-1.2.2-cve-2024-50612.patch
BuildRequires: alsa-lib-devel
BuildRequires: flac-devel
BuildRequires: libogg-devel
@ -65,18 +70,21 @@ This package contains command line utilities for libsndfile.
%prep
%setup -q
%patch0 -p1 -b .systemgsm
%patch1 -p1 -b .zerodivfix
%patch2 -p1 -b .revert
%patch3 -p1 -b .flacbufovfl
%patch4 -p1 -b .cve2017_6892
%patch5 -p1 -b .cve2017_12562
%patch6 -p1 -b .fixfree
%patch7 -p1 -b .vafix
%patch8 -p1 -b .CVE_2018_13139
%patch9 -p1 -b .cve_2018_19662
%patch10 -p1 -b .deb669ee
%patch11 -p1 -b .ced91d7b
%patch -P 0 -p1 -b .systemgsm
%patch -P 1 -p1 -b .zerodivfix
%patch -P 2 -p1 -b .revert
%patch -P 3 -p1 -b .flacbufovfl
%patch -P 4 -p1 -b .cve2017_6892
%patch -P 5 -p1 -b .cve2017_12562
%patch -P 6 -p1 -b .fixfree
%patch -P 7 -p1 -b .vafix
%patch -P 8 -p1 -b .CVE_2018_13139
%patch -P 9 -p1 -b .cve_2018_19662
%patch -P 10 -p1 -b .deb669ee
%patch -P 11 -p1 -b .ced91d7b
%patch -P 12 -p1 -b .pullrequest979
%patch -P 13 -p1 -b .cve-2024-50612prereq
%patch -P 14 -p1 -b .cve-2024-50612
rm -r src/GSM610
%build
@ -172,6 +180,15 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%changelog
* Tue Nov 26 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-16
- fix prerequisit patch (#RHEL-65093)
* Wed Nov 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-15
- fix crash in ogg vorbis (#RHEL-65093) (CVE-2024-50612)
* Wed Nov 01 2023 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-14
- fix integer overflows causing CVE-2022-33065 (#RHEL-3750)
* Fri Oct 14 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-13
- rebuild (#2118285)

Write Preview
Loading…
Cancel
Save