No commits in common. 'c9' and 'c8' have entirely different histories.
c9 ... c8

2
.gitignore vendored

@ -1 +1 @@
SOURCES/libsndfile-1.0.31.tar.bz2
SOURCES/libsndfile-1.0.28.tar.gz

@ -1 +1 @@
f16a88e7223baef7c4497536dc1b55b56811debc SOURCES/libsndfile-1.0.31.tar.bz2
85aa967e19f6b9bf975601d79669025e5f8bc77d SOURCES/libsndfile-1.0.28.tar.gz

@ -1,87 +1,6 @@
diff -up libsndfile-1.0.31/CMakeLists.txt.nobundlegsm libsndfile-1.0.31/CMakeLists.txt
--- libsndfile-1.0.31/CMakeLists.txt.nobundlegsm 2021-01-24 13:22:23.000000000 +0100
+++ libsndfile-1.0.31/CMakeLists.txt 2021-01-27 12:54:51.112184824 +0100
@@ -230,7 +230,6 @@ add_library (sndfile
src/double64.c
src/ima_adpcm.c
src/ms_adpcm.c
- src/gsm610.c
src/dwvw.c
src/vox_adpcm.c
src/interleave.c
@@ -286,23 +285,6 @@ add_library (sndfile
src/ogg_opus.c
src/ogg_vcomment.c
src/nms_adpcm.c
- src/GSM610/config.h
- src/GSM610/gsm.h
- src/GSM610/gsm610_priv.h
- src/GSM610/add.c
- src/GSM610/code.c
- src/GSM610/decode.c
- src/GSM610/gsm_create.c
- src/GSM610/gsm_decode.c
- src/GSM610/gsm_destroy.c
- src/GSM610/gsm_encode.c
- src/GSM610/gsm_option.c
- src/GSM610/long_term.c
- src/GSM610/lpc.c
- src/GSM610/preprocess.c
- src/GSM610/rpe.c
- src/GSM610/short_term.c
- src/GSM610/table.c
src/G72x/g72x.h
src/G72x/g72x_priv.h
src/G72x/g721.c
@@ -349,6 +331,7 @@ target_link_libraries (sndfile
$<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:FLAC::FLAC>
$<$<AND:$<BOOL:${ENABLE_EXPERIMENTAL}>,$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>,$<BOOL:${HAVE_SPEEX}>>:Speex::Speex>
$<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:Opus::opus>
+ -lgsm
)
set_target_properties (sndfile PROPERTIES
PUBLIC_HEADER "${sndfile_HDRS}"
diff -up libsndfile-1.0.31/Makefile.am.nobundlegsm libsndfile-1.0.31/Makefile.am
--- libsndfile-1.0.31/Makefile.am.nobundlegsm 2021-01-27 12:57:08.819482207 +0100
+++ libsndfile-1.0.31/Makefile.am 2021-01-27 12:57:08.847481859 +0100
@@ -46,7 +46,6 @@ SYMBOL_FILES = src/Symbols.gnu-binutils
EXTRA_DIST += include/sndfile.h.in src/config.h.in src/test_endswap.tpl src/test_endswap.def \
$(SYMBOL_FILES) src/create_symbols_file.py src/binheader_writef_check.py \
- src/GSM610/README src/GSM610/COPYRIGHT src/GSM610/ChangeLog \
src/G72x/README src/G72x/README.original src/G72x/ChangeLog \
src/make-static-lib-hidden-privates.sh \
src/config.h.cmake
@@ -71,7 +70,7 @@ src_libsndfile_la_SOURCES = src/sndfile.
src/ogg_vorbis.c src/ogg_speex.c src/ogg_pcm.c src/ogg_opus.c src/ogg_vcomment.c \
src/common.h src/sfconfig.h src/sfendian.h src/wavlike.h src/sf_unistd.h src/ogg.h src/chanmap.h src/ogg_vcomment.h
nodist_src_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
-src_libsndfile_la_LIBADD = src/GSM610/libgsm.la src/G72x/libg72x.la src/ALAC/libalac.la \
+src_libsndfile_la_LIBADD = -lgsm src/G72x/libg72x.la src/ALAC/libalac.la \
src/libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
EXTRA_src_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
@@ -90,17 +89,6 @@ src_test_main_SOURCES = src/test_main.c
src/test_binheader_writef.c src/test_nms_adpcm.c
src_test_main_LDADD = src/libcommon.la
-##############
-# src/GSM610 #
-##############
-
-noinst_LTLIBRARIES += src/GSM610/libgsm.la
-src_GSM610_libgsm_la_SOURCES = src/GSM610/config.h src/GSM610/gsm.h src/GSM610/gsm610_priv.h \
- src/GSM610/add.c src/GSM610/code.c src/GSM610/decode.c src/GSM610/gsm_create.c \
- src/GSM610/gsm_decode.c src/GSM610/gsm_destroy.c src/GSM610/gsm_encode.c \
- src/GSM610/gsm_option.c src/GSM610/long_term.c src/GSM610/lpc.c src/GSM610/preprocess.c \
- src/GSM610/rpe.c src/GSM610/short_term.c src/GSM610/table.c
-
############
# src/G72x #
############
diff -up libsndfile-1.0.31/src/gsm610.c.nobundlegsm libsndfile-1.0.31/src/gsm610.c
--- libsndfile-1.0.31/src/gsm610.c.nobundlegsm 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/gsm610.c 2021-01-27 12:54:51.112184824 +0100
diff -up libsndfile-1.0.28/src/gsm610.c.systemgsm libsndfile-1.0.28/src/gsm610.c
--- libsndfile-1.0.28/src/gsm610.c.systemgsm 2016-09-10 10:08:27.000000000 +0200
+++ libsndfile-1.0.28/src/gsm610.c 2017-04-11 10:47:40.437162489 +0200
@@ -27,7 +27,7 @@
#include "sfendian.h"
#include "common.h"
@ -96,8 +15,42 @@ diff -up libsndfile-1.0.31/src/gsm610.c.nobundlegsm libsndfile-1.0.31/src/gsm610
pgsm610->blockcount = 0 ;
- gsm_init (pgsm610->gsm_data) ;
+ gsm_destroy (pgsm610->gsm_data) ;
+ pgsm610->gsm_data = gsm_create () ;
+ gsm_destroy (pgsm610->gsm_data) ;
+ pgsm610->gsm_data = gsm_create () ;
if ((SF_CONTAINER (psf->sf.format)) == SF_FORMAT_WAV ||
(SF_CONTAINER (psf->sf.format)) == SF_FORMAT_W64)
gsm_option (pgsm610->gsm_data, GSM_OPT_WAV49, &true_flag) ;
diff -up libsndfile-1.0.28/src/Makefile.am.systemgsm libsndfile-1.0.28/src/Makefile.am
--- libsndfile-1.0.28/src/Makefile.am.systemgsm 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/Makefile.am 2017-04-11 10:48:43.855620172 +0200
@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libsndfile.la
include_HEADERS = sndfile.hh
nodist_include_HEADERS = sndfile.h
-noinst_LTLIBRARIES = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la libcommon.la
+noinst_LTLIBRARIES = G72x/libg72x.la ALAC/libalac.la libcommon.la
SYMBOL_FILES = Symbols.gnu-binutils Symbols.darwin libsndfile-1.def Symbols.os2 Symbols.static
@@ -43,7 +43,7 @@ libsndfile_la_CPPFLAGS = -DSNDFILE_EXPOR
libsndfile_la_LDFLAGS = -no-undefined -version-info $(SHARED_VERSION_INFO) $(SHLIB_VERSION_ARG)
libsndfile_la_SOURCES = $(FILESPECIFIC) $(noinst_HEADERS)
nodist_libsndfile_la_SOURCES = $(nodist_include_HEADERS)
-libsndfile_la_LIBADD = GSM610/libgsm.la G72x/libg72x.la ALAC/libalac.la \
+libsndfile_la_LIBADD = -lgsm G72x/libg72x.la ALAC/libalac.la \
libcommon.la $(EXTERNAL_XIPH_LIBS) -lm
EXTRA_libsndfile_la_DEPENDENCIES = $(SYMBOL_FILES)
@@ -58,12 +58,6 @@ libcommon_la_SOURCES = common.c file_io.
#======================================================================
# Subdir libraries.
-GSM610_libgsm_la_SOURCES = GSM610/config.h GSM610/gsm.h GSM610/gsm610_priv.h \
- GSM610/add.c GSM610/code.c GSM610/decode.c GSM610/gsm_create.c \
- GSM610/gsm_decode.c GSM610/gsm_destroy.c GSM610/gsm_encode.c \
- GSM610/gsm_option.c GSM610/long_term.c GSM610/lpc.c GSM610/preprocess.c \
- GSM610/rpe.c GSM610/short_term.c GSM610/table.c
-
G72x_libg72x_la_SOURCES = G72x/g72x.h G72x/g72x_priv.h \
G72x/g721.c G72x/g723_16.c G72x/g723_24.c G72x/g723_40.c G72x/g72x.c
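Review bot: In the src/gsm610.c hunk of the systemgsm patch, the pointer returned by `gsm_create ()` is stored in `pgsm610->gsm_data` and handed to `gsm_option ()` on the following lines without a NULL check. If the allocation inside the system libgsm fails, the codec state is NULL at its next use. A guard right after the assignment, `if (pgsm610->gsm_data == NULL)`, returning the enclosing function's failure value, would close that. The function starts and ends outside the hunk, so its error convention is not visible here.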

@ -0,0 +1,31 @@
From df18323c622b54221ee7ace74b177cdcccc152d7 Mon Sep 17 00:00:00 2001
From: "Brett T. Warden" <brett.t.warden@intel.com>
Date: Tue, 28 Aug 2018 12:01:17 -0700
Subject: [PATCH] Check MAX_CHANNELS in sndfile-deinterleave
Allocated buffer has space for only 16 channels. Verify that input file
meets this limit.
Fixes #397
---
programs/sndfile-deinterleave.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/programs/sndfile-deinterleave.c b/programs/sndfile-deinterleave.c
index 53660310..225b4d54 100644
--- a/programs/sndfile-deinterleave.c
+++ b/programs/sndfile-deinterleave.c
@@ -89,6 +89,13 @@ main (int argc, char **argv)
exit (1) ;
} ;
+ if (sfinfo.channels > MAX_CHANNELS)
+ { printf ("\nError : Input file '%s' has too many (%d) channels. Limit is %d.\n",
+ argv [1], sfinfo.channels, MAX_CHANNELS) ;
+ exit (1) ;
+ } ;
+
+
state.channels = sfinfo.channels ;
sfinfo.channels = 1 ;

@ -0,0 +1,67 @@
diff -up libsndfile-1.0.28/src/ogg.c.cve-2024-50612prereq libsndfile-1.0.28/src/ogg.c
--- libsndfile-1.0.28/src/ogg.c.cve-2024-50612prereq 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/ogg.c 2024-11-26 15:06:33.595446443 +0100
@@ -45,6 +45,16 @@ static int ogg_stream_classify (SF_PRIVA
static int ogg_page_classify (SF_PRIVATE * psf, const ogg_page * og) ;
int
+ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
+{ int bytes ;
+
+ bytes = psf_fwrite (page->header, 1, page->header_len, psf) ;
+ bytes += psf_fwrite (page->body, 1, page->body_len, psf) ;
+
+ return bytes == page->header_len + page->body_len ;
+} /* ogg_write_page */
+
+int
ogg_open (SF_PRIVATE *psf)
{ OGG_PRIVATE* odata = calloc (1, sizeof (OGG_PRIVATE)) ;
sf_count_t pos = psf_ftell (psf) ;
diff -up libsndfile-1.0.28/src/ogg.h.cve-2024-50612prereq libsndfile-1.0.28/src/ogg.h
--- libsndfile-1.0.28/src/ogg.h.cve-2024-50612prereq 2024-11-26 15:06:45.023560621 +0100
+++ libsndfile-1.0.28/src/ogg.h 2024-11-26 15:06:57.731687587 +0100
@@ -48,5 +48,10 @@ typedef struct
(buf [base] & 0xff))
+/*
+** Write the whole Ogg page out. Convenience function as the ogg_page struct
+** splits header and body data into separate buffers.
+*/
+int ogg_write_page (SF_PRIVATE *, ogg_page *) ;
#endif /* SF_SRC_OGG_H */
diff -up libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612prereq libsndfile-1.0.28/src/ogg_vorbis.c
--- libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612prereq 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/ogg_vorbis.c 2024-11-26 15:06:33.595446443 +0100
@@ -423,8 +423,7 @@ vorbis_write_header (SF_PRIVATE *psf, in
* audio data will start on a new page, as per spec
*/
while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0)
- { psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ;
- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ;
+ { ogg_write_page (psf, &odata->opage) ;
} ;
}
@@ -463,8 +462,7 @@ vorbis_close (SF_PRIVATE *psf)
while (!odata->eos)
{ int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
if (result == 0) break ;
- psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ;
- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ;
+ ogg_write_page (psf, &odata->opage) ;
/* this could be set above, but for illustrative purposes, I do
it here (to show that vorbis does know where the stream ends) */
@@ -778,8 +776,7 @@ vorbis_write_samples (SF_PRIVATE *psf, O
{ int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ;
if (result == 0)
break ;
- psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ;
- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ;
+ ogg_write_page (psf, &odata->opage) ;
/* This could be set above, but for illustrative purposes, I do
** it here (to show that vorbis does know where the stream ends) */
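Review bot: All three call sites in src/ogg_vorbis.c discard the result of `ogg_write_page ()`, so a short or failed write is still silently ignored, just as it was with the two bare `psf_fwrite ()` calls they replace. The helper already reports success as a boolean, so the loops in vorbis_write_header, vorbis_close and vorbis_write_samples could act on it, for example `if (! ogg_write_page (psf, &odata->opage)) break ;` with an error code set as the surrounding function requires. Those bodies extend outside the hunks. Inside the helper, `int bytes` accumulates the `psf_fwrite ()` results and is compared with the sum of `header_len` and `body_len`. Declaring it with the type `psf_fwrite ()` returns would avoid a narrowing conversion, assuming that type is wider than int.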

@ -0,0 +1,88 @@
From cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Heusipp?= <osmanx@problemloesungsmaschine.de>
Date: Wed, 14 Jun 2017 12:25:40 +0200
Subject: [PATCH] src/common.c: Fix heap buffer overflows when writing strings
in binheader
Fixes the following problems:
1. Case 's' only enlarges the buffer by 16 bytes instead of size bytes.
2. psf_binheader_writef() enlarges the header buffer (if needed) prior to the
big switch statement by an amount (16 bytes) which is enough for all cases
where only a single value gets added. Cases 's', 'S', 'p' however
additionally write an arbitrary length block of data and again enlarge the
buffer to the required amount. However, the required space calculation does
not take into account the size of the length field which gets output before
the data.
3. Buffer size requirement calculation in case 'S' does not account for the
padding byte ("size += (size & 1) ;" happens after the calculation which
uses "size").
4. Case 'S' can overrun the header buffer by 1 byte when no padding is
involved
("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;" while
the buffer is only guaranteed to have "size" space available).
5. "psf->header.ptr [psf->header.indx] = 0 ;" in case 'S' always writes 1 byte
beyond the space which is guaranteed to be allocated in the header buffer.
6. Case 's' can overrun the provided source string by 1 byte if padding is
involved ("memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;"
where "size" is "strlen (strptr) + 1" (which includes the 0 terminator,
plus optionally another 1 which is padding and not guaranteed to be
readable via the source string pointer).
Closes: https://github.com/erikd/libsndfile/issues/292
---
src/common.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/common.c b/src/common.c
index 1a6204ca..6b2a2ee9 100644
--- a/src/common.c
+++ b/src/common.c
@@ -681,16 +681,16 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
/* Write a C string (guaranteed to have a zero terminator). */
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) + 1 ;
- size += (size & 1) ;
- if (psf->header.indx + (sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
- header_put_be_int (psf, size) ;
+ header_put_be_int (psf, size + (size & 1)) ;
else
- header_put_le_int (psf, size) ;
+ header_put_le_int (psf, size + (size & 1)) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
+ size += (size & 1) ;
psf->header.indx += size ;
psf->header.ptr [psf->header.indx - 1] = 0 ;
count += 4 + size ;
@@ -703,16 +703,15 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
*/
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
return count ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
header_put_le_int (psf, size) ;
- memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + 1) ;
+ memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size + (size & 1)) ;
size += (size & 1) ;
psf->header.indx += size ;
- psf->header.ptr [psf->header.indx] = 0 ;
count += 4 + size ;
break ;
@@ -724,7 +723,7 @@ psf_binheader_writef (SF_PRIVATE *psf, const char *format, ...)
size = (size & 1) ? size : size + 1 ;
size = (size > 254) ? 254 : size ;
- if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
return count ;
header_put_byte (psf, size) ;
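Review bot: The space requirement in cases 's' and 'S' is spelled out twice inside each `if` as `4 + size + (size & 1)`, and the padded length is recomputed again in the `header_put_*_int` and `memcpy` arguments. Nothing ties the checked amount to the amount later written. A short comment above each check, such as `/* 4 byte length field + string + optional pad byte */` (and `/* 1 byte length field + string */` for the last hunk), or a local holding the padded size, would make that invariant visible and harder to break in a later edit. psf_binheader_writef starts and ends outside these hunks.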

@ -0,0 +1,91 @@
From 585cc28a93be27d6938f276af0011401b9f7c0ca Mon Sep 17 00:00:00 2001
From: Hugo Lefeuvre <hle@owl.eu.com>
Date: Mon, 24 Dec 2018 06:43:48 +0100
Subject: [PATCH] a/ulaw: fix multiple buffer overflows (#432)
i2ulaw_array() and i2alaw_array() fail to handle ptr [count] = INT_MIN
properly, leading to buffer underflow. INT_MIN is a special value
since - INT_MIN cannot be represented as int.
In this case round - INT_MIN to INT_MAX and proceed as usual.
f2ulaw_array() and f2alaw_array() fail to handle ptr [count] = NaN
properly, leading to null pointer dereference.
In this case, arbitrarily set the buffer value to 0.
This commit fixes #429 (CVE-2018-19661 and CVE-2018-19662) and
fixes #344 (CVE-2017-17456 and CVE-2017-17457).
---
src/alaw.c | 9 +++++++--
src/ulaw.c | 9 +++++++--
2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/alaw.c b/src/alaw.c
index 063fd1a2..4220224c 100644
--- a/src/alaw.c
+++ b/src/alaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -326,7 +327,9 @@ s2alaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2alaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = alaw_encode [INT_MAX >> (16 + 4)] ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [ptr [count] >> (16 + 4)] ;
else
buffer [count] = 0x7F & alaw_encode [- ptr [count] >> (16 + 4)] ;
@@ -346,7 +349,9 @@ f2alaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2alaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = alaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & alaw_encode [- lrint (normfact * ptr [count])] ;
diff --git a/src/ulaw.c b/src/ulaw.c
index e50b4cb5..b6070ade 100644
--- a/src/ulaw.c
+++ b/src/ulaw.c
@@ -19,6 +19,7 @@
#include "sfconfig.h"
#include <math.h>
+#include <limits.h>
#include "sndfile.h"
#include "common.h"
@@ -827,7 +828,9 @@ s2ulaw_array (const short *ptr, int count, unsigned char *buffer)
static inline void
i2ulaw_array (const int *ptr, int count, unsigned char *buffer)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (ptr [count] == INT_MIN)
+ buffer [count] = ulaw_encode [INT_MAX >> (16 + 2)] ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [ptr [count] >> (16 + 2)] ;
else
buffer [count] = 0x7F & ulaw_encode [-ptr [count] >> (16 + 2)] ;
@@ -847,7 +850,9 @@ f2ulaw_array (const float *ptr, int count, unsigned char *buffer, float normfact
static inline void
d2ulaw_array (const double *ptr, int count, unsigned char *buffer, double normfact)
{ while (--count >= 0)
- { if (ptr [count] >= 0)
+ { if (!isfinite (ptr [count]))
+ buffer [count] = 0 ;
+ else if (ptr [count] >= 0)
buffer [count] = ulaw_encode [lrint (normfact * ptr [count])] ;
else
buffer [count] = 0x7F & ulaw_encode [- lrint (normfact * ptr [count])] ;
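Review bot: The `isfinite ()` guards added to d2alaw_array and d2ulaw_array reject only NaN and infinity; a finite sample whose scaled value lies outside the table still reaches `alaw_encode [lrint (normfact * ptr [count])]` and its ulaw counterpart unbounded. The table sizes are declared outside the hunks, so the exact limit is not visible here, but the index should be clamped to the last table element before the lookup in both the positive and the negated branch. The commit message names f2alaw_array and f2ulaw_array, while the visible hunks change only the double variants; the float functions appear only as hunk-header context. If the float converters do the same lookup, they need the same guard.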

@ -0,0 +1,11 @@
diff -up libsndfile-1.0.28/src/sndfile.c.fixfree libsndfile-1.0.28/src/sndfile.c
--- libsndfile-1.0.28/src/sndfile.c.fixfree 2018-10-15 14:24:26.521941046 +0200
+++ libsndfile-1.0.28/src/sndfile.c 2018-10-15 14:24:26.534940869 +0200
@@ -339,6 +339,7 @@ sf_open (const char *path, int mode, SF_
if (copy_filename (psf, path) != 0)
{ sf_errno = psf->error ;
+ free(psf);
return NULL ;
} ;
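Review bot: `free(psf);` releases only the top-level struct on the `copy_filename ()` failure path. If the allocation earlier in sf_open (outside the hunk) also gave psf buffers of its own, they leak here, and the library's normal teardown routine for an SF_PRIVATE would be the safer call. The line also departs from the surrounding style, which would write it as `free (psf) ;`.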

@ -0,0 +1,64 @@
From fd0484aba8e51d16af1e3a880f9b8b857b385eb3 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Wed, 12 Apr 2017 19:45:30 +1000
Subject: [PATCH] FLAC: Fix a buffer read overrun
Buffer read overrun occurs when reading a FLAC file that switches
from 2 channels to one channel mid-stream. Only option is to
abort the read.
Closes: https://github.com/erikd/libsndfile/issues/230
---
src/common.h | 1 +
src/flac.c | 13 +++++++++++++
src/sndfile.c | 1 +
3 files changed, 15 insertions(+)
diff --git a/src/common.h b/src/common.h
index 0bd810c3..e2669b6a 100644
--- a/src/common.h
+++ b/src/common.h
@@ -725,6 +725,7 @@ enum
SFE_FLAC_INIT_DECODER,
SFE_FLAC_LOST_SYNC,
SFE_FLAC_BAD_SAMPLE_RATE,
+ SFE_FLAC_CHANNEL_COUNT_CHANGED,
SFE_FLAC_UNKOWN_ERROR,
SFE_WVE_NOT_WVE,
diff --git a/src/flac.c b/src/flac.c
index 84de0e26..986a7b8f 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -434,6 +434,19 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
switch (metadata->type)
{ case FLAC__METADATA_TYPE_STREAMINFO :
+ if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
+ { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
+ "Nothing to be but to error out.\n" ,
+ psf->sf.channels, metadata->data.stream_info.channels) ;
+ psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+ return ;
+ } ;
+
+ if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)
+ { psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"
+ "Carrying on as if nothing happened.",
+ psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;
+ } ;
psf->sf.channels = metadata->data.stream_info.channels ;
psf->sf.samplerate = metadata->data.stream_info.sample_rate ;
psf->sf.frames = metadata->data.stream_info.total_samples ;
diff --git a/src/sndfile.c b/src/sndfile.c
index 41875610..e2a87be8 100644
--- a/src/sndfile.c
+++ b/src/sndfile.c
@@ -245,6 +245,7 @@ ErrorStruct SndfileErrors [] =
{ SFE_FLAC_INIT_DECODER , "Error : problem with initialization of the flac decoder." },
{ SFE_FLAC_LOST_SYNC , "Error : flac decoder lost sync." },
{ SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },
+ { SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },
{ SFE_FLAC_UNKOWN_ERROR , "Error : unknown error in flac decoder." },
{ SFE_WVE_NOT_WVE , "Error : not a WVE file." },
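Review bot: The channel-count guard in sf_flac_meta_callback runs only when a STREAMINFO block arrives. Whether the per-frame channel count is compared with `psf->sf.channels` in the decode path is outside these hunks, and that is where a mid-stream change would reach the sample copy. The sample-rate warning ends in `"Carrying on as if nothing happened."` with no trailing `\n`, unlike the error message above it, so the next log entry will run onto the same line. The error text `"Nothing to be but to error out.\n"` looks like a typo for "Nothing to do". The `%d` arguments pass `metadata->data.stream_info.channels` and `.sample_rate` uncast, while the comparisons cast them to `int`; casting in the call as well keeps the format and argument types matched.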

@ -0,0 +1,114 @@
diff -up libsndfile-1.0.28/src/common.c.vafix libsndfile-1.0.28/src/common.c
--- libsndfile-1.0.28/src/common.c.vafix 2018-10-15 14:31:59.805758665 +0200
+++ libsndfile-1.0.28/src/common.c 2018-10-15 14:34:48.978445310 +0200
@@ -561,7 +561,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
while ((c = *format++))
{
if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
switch (c)
{ case ' ' : /* Do nothing. Just used to space out format string. */
@@ -677,7 +680,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = strlen (strptr) + 1 ;
if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size + (size & 1)) ;
@@ -698,7 +704,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
strptr = va_arg (argptr, char *) ;
size = strlen (strptr) ;
if (psf->header.indx + 4 + (sf_count_t) size + (sf_count_t) (size & 1) > psf->header.len && psf_bump_header_allocation (psf, 4 + size + (size & 1)))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
if (psf->rwf_endian == SF_ENDIAN_BIG)
header_put_be_int (psf, size) ;
else
@@ -718,7 +727,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = (size > 254) ? 254 : size ;
if (psf->header.indx + 1 + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, 1 + size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
header_put_byte (psf, size) ;
memcpy (&(psf->header.ptr [psf->header.indx]), strptr, size) ;
@@ -731,7 +743,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
memcpy (&(psf->header.ptr [psf->header.indx]), bindata, size) ;
psf->header.indx += size ;
@@ -742,7 +757,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
count += size ;
while (size)
@@ -763,7 +781,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if (psf->header.indx + (sf_count_t) size > psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
psf->header.indx += size ;
count += size ;
@@ -773,7 +794,10 @@ psf_binheader_writef (SF_PRIVATE *psf, c
size = va_arg (argptr, size_t) ;
if ((sf_count_t) size >= psf->header.len && psf_bump_header_allocation (psf, size))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
psf->header.indx = size ;
break ;
@@ -960,7 +984,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
while ((c = *format++))
{
if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16))
+ {
+ va_end (argptr) ;
return count ;
+ } ;
switch (c)
{ case 'e' : /* All conversions are now from LE to host. */
@@ -1087,7 +1114,10 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
memset (charptr, 0, count) ;
if (psf->header.indx + count >= psf->header.len && psf_bump_header_allocation (psf, count))
- return 0 ;
+ {
+ va_end (argptr) ;
+ return count ;
+ } ;
byte_count += header_gets (psf, charptr, count) ;
break ;
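Review bot: The last hunk in psf_binheader_readf changes the failure result from `return 0 ;` to `return count ;` while adding `va_end (argptr)`. At that point `count` is the length just used in `memset (charptr, 0, count)`, presumably the caller-supplied buffer size, so a failed `psf_bump_header_allocation ()` is now reported to the caller as that many bytes rather than as zero. Keeping the original value, `va_end (argptr) ; return 0 ;`, fixes the va_list handling without changing the return contract. The function's normal return statement is outside the hunk.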

@ -0,0 +1,25 @@
From f833c53cb596e9e1792949f762e0b33661822748 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Tue, 23 May 2017 20:15:24 +1000
Subject: [PATCH] src/aiff.c: Fix a buffer read overflow
Secunia Advisory SA76717.
Found by: Laurent Delosieres, Secunia Research at Flexera Software
---
src/aiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/aiff.c b/src/aiff.c
index 5b5f9f53..45864b76 100644
--- a/src/aiff.c
+++ b/src/aiff.c
@@ -1759,7 +1759,7 @@ aiff_read_chanmap (SF_PRIVATE * psf, unsigned dword)
psf_binheader_readf (psf, "j", dword - bytesread) ;
if (map_info->channel_map != NULL)
- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
free (psf->channel_map) ;
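Review bot: The mask in `SF_MIN (psf->sf.channels, layout_tag & 0xffff)` is unexplained. A comment such as `/* low 16 bits of the layout tag give the number of channels in the map */` would tell the next reader why it bounds the copy; that reading of the tag is an assumption to confirm against the format definition. `psf->sf.channels` is a signed int and the type of `layout_tag` is declared outside the hunk, so it is worth confirming that SF_MIN does not compare across mixed signedness. The copy that consumes `chanmap_size` is also outside the hunk.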

@ -1,7 +1,7 @@
diff -up libsndfile-1.0.31/src/aiff.c.pullrequest979 libsndfile-1.0.31/src/aiff.c
--- libsndfile-1.0.31/src/aiff.c.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/aiff.c 2023-11-01 23:24:06.794851022 +0100
@@ -1685,7 +1685,7 @@ static int
diff -up libsndfile-1.0.28/src/aiff.c.pullrequest979 libsndfile-1.0.28/src/aiff.c
--- libsndfile-1.0.28/src/aiff.c.pullrequest979 2023-11-01 23:49:50.232622966 +0100
+++ libsndfile-1.0.28/src/aiff.c 2023-11-01 23:49:50.246623108 +0100
@@ -1822,7 +1822,7 @@ static int
aiff_read_basc_chunk (SF_PRIVATE * psf, int datasize)
{ const char * type_str ;
basc_CHUNK bc ;
@ -10,9 +10,9 @@ diff -up libsndfile-1.0.31/src/aiff.c.pullrequest979 libsndfile-1.0.31/src/aiff.
count = psf_binheader_readf (psf, "E442", &bc.version, &bc.numBeats, &bc.rootNote) ;
count += psf_binheader_readf (psf, "E222", &bc.scaleType, &bc.sigNumerator, &bc.sigDenominator) ;
diff -up libsndfile-1.0.31/src/au.c.pullrequest979 libsndfile-1.0.31/src/au.c
--- libsndfile-1.0.31/src/au.c.pullrequest979 2020-10-04 12:00:49.000000000 +0200
+++ libsndfile-1.0.31/src/au.c 2023-11-01 23:24:06.794851022 +0100
diff -up libsndfile-1.0.28/src/au.c.pullrequest979 libsndfile-1.0.28/src/au.c
--- libsndfile-1.0.28/src/au.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/au.c 2023-11-01 23:49:50.246623108 +0100
@@ -291,6 +291,7 @@ static int
au_read_header (SF_PRIVATE *psf)
{ AU_FMT au_fmt ;
@ -41,9 +41,9 @@ diff -up libsndfile-1.0.31/src/au.c.pullrequest979 libsndfile-1.0.31/src/au.c
psf_log_printf (psf, " Data Size : %d\n", au_fmt.datasize) ;
}
else
diff -up libsndfile-1.0.31/src/avr.c.pullrequest979 libsndfile-1.0.31/src/avr.c
--- libsndfile-1.0.31/src/avr.c.pullrequest979 2020-10-04 12:00:49.000000000 +0200
+++ libsndfile-1.0.31/src/avr.c 2023-11-01 23:24:06.795851033 +0100
diff -up libsndfile-1.0.28/src/avr.c.pullrequest979 libsndfile-1.0.28/src/avr.c
--- libsndfile-1.0.28/src/avr.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/avr.c 2023-11-01 23:49:50.246623108 +0100
@@ -164,7 +164,7 @@ avr_read_header (SF_PRIVATE *psf)
psf->endian = SF_ENDIAN_BIG ;
@ -53,9 +53,9 @@ diff -up libsndfile-1.0.31/src/avr.c.pullrequest979 libsndfile-1.0.31/src/avr.c
if (psf->fileoffset > 0)
psf->filelength = AVR_HDR_SIZE + psf->datalength ;
diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/common.c
--- libsndfile-1.0.31/src/common.c.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/common.c 2023-11-01 23:24:06.795851033 +0100
diff -up libsndfile-1.0.28/src/common.c.pullrequest979 libsndfile-1.0.28/src/common.c
--- libsndfile-1.0.28/src/common.c.pullrequest979 2023-11-01 23:49:50.237623017 +0100
+++ libsndfile-1.0.28/src/common.c 2023-11-01 23:50:00.446727012 +0100
@@ -18,6 +18,7 @@
#include <config.h>
@ -64,7 +64,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
#include <stdarg.h>
#include <string.h>
#if HAVE_UNISTD_H
@@ -962,6 +963,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -975,6 +976,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
double *doubleptr ;
char c ;
int byte_count = 0, count = 0 ;
@ -72,15 +72,15 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (! format)
return psf_ftell (psf) ;
@@ -970,6 +972,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -983,6 +985,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
while ((c = *format++))
{
+ read_bytes = 0 ;
if (psf->header.indx + 16 >= psf->header.len && psf_bump_header_allocation (psf, 16))
return count ;
@@ -986,7 +989,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
{
va_end (argptr) ;
@@ -1002,7 +1005,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
ucptr = (unsigned char*) intptr ;
@ -89,7 +89,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
*intptr = GET_MARKER (ucptr) ;
break ;
@@ -994,7 +997,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1010,7 +1013,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
ucptr = (unsigned char*) intptr ;
@ -98,7 +98,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
{ int k ;
intdata = 0 ;
for (k = 0 ; k < 16 ; k++)
@@ -1006,14 +1009,14 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1022,14 +1025,14 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case '1' :
charptr = va_arg (argptr, char*) ;
*charptr = 0 ;
@ -115,7 +115,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (psf->rwf_endian == SF_ENDIAN_BIG)
*shortptr = GET_BE_SHORT (ucptr) ;
else
@@ -1023,7 +1026,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1039,7 +1042,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case '3' : /* 3 byte value with the current endian-ness */
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
@ -124,7 +124,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (psf->rwf_endian == SF_ENDIAN_BIG)
*intptr = GET_BE_3BYTE (sixteen_bytes) ;
else
@@ -1034,7 +1037,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1050,7 +1053,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
intptr = va_arg (argptr, unsigned int*) ;
*intptr = 0 ;
ucptr = (unsigned char*) intptr ;
@ -133,7 +133,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (psf->rwf_endian == SF_ENDIAN_BIG)
*intptr = psf_get_be32 (ucptr, 0) ;
else
@@ -1044,7 +1047,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1060,7 +1063,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case '8' : /* 8 byte value with the current endian-ness */
countptr = va_arg (argptr, sf_count_t *) ;
*countptr = 0 ;
@ -142,7 +142,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (psf->rwf_endian == SF_ENDIAN_BIG)
countdata = psf_get_be64 (sixteen_bytes, 0) ;
else
@@ -1055,7 +1058,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1071,7 +1074,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'f' : /* Float conversion */
floatptr = va_arg (argptr, float *) ;
*floatptr = 0.0 ;
@ -151,7 +151,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (psf->rwf_endian == SF_ENDIAN_BIG)
*floatptr = float32_be_read ((unsigned char*) floatptr) ;
else
@@ -1065,7 +1068,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1081,7 +1084,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'd' : /* double conversion */
doubleptr = va_arg (argptr, double *) ;
*doubleptr = 0.0 ;
@ -160,7 +160,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
if (psf->rwf_endian == SF_ENDIAN_BIG)
*doubleptr = double64_be_read ((unsigned char*) doubleptr) ;
else
@@ -1089,7 +1092,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1105,7 +1108,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
charptr = va_arg (argptr, char*) ;
count = va_arg (argptr, size_t) ;
memset (charptr, 0, count) ;
@ -169,16 +169,16 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
break ;
case 'G' :
@@ -1100,7 +1103,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
if (psf->header.indx + count >= psf->header.len && psf_bump_header_allocation (psf, count))
return 0 ;
@@ -1119,7 +1122,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
return count ;
} ;
- byte_count += header_gets (psf, charptr, count) ;
+ read_bytes = header_gets (psf, charptr, count) ;
break ;
case 'z' :
@@ -1124,7 +1127,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1143,7 +1146,7 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
case 'j' : /* Seek to position from current position. */
count = va_arg (argptr, size_t) ;
header_seek (psf, count, SEEK_CUR) ;
@ -187,7 +187,7 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
break ;
default :
@@ -1132,8 +1135,17 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
@@ -1151,8 +1154,17 @@ psf_binheader_readf (SF_PRIVATE *psf, ch
psf->error = SFE_INTERNAL ;
break ;
} ;
@ -205,10 +205,10 @@ diff -up libsndfile-1.0.31/src/common.c.pullrequest979 libsndfile-1.0.31/src/com
va_end (argptr) ;
return byte_count ;
diff -up libsndfile-1.0.31/src/common.h.pullrequest979 libsndfile-1.0.31/src/common.h
--- libsndfile-1.0.31/src/common.h.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/common.h 2023-11-01 23:24:06.795851033 +0100
@@ -484,7 +484,7 @@ typedef struct sf_private_tag
diff -up libsndfile-1.0.28/src/common.h.pullrequest979 libsndfile-1.0.28/src/common.h
--- libsndfile-1.0.28/src/common.h.pullrequest979 2023-11-01 23:49:50.230622945 +0100
+++ libsndfile-1.0.28/src/common.h 2023-11-01 23:49:50.246623108 +0100
@@ -467,7 +467,7 @@ typedef struct sf_private_tag
sf_count_t datalength ; /* Length in bytes of the audio data. */
sf_count_t dataend ; /* Offset to file tailer. */
@ -217,10 +217,10 @@ diff -up libsndfile-1.0.31/src/common.h.pullrequest979 libsndfile-1.0.31/src/com
int bytewidth ; /* Size in bytes of one sample (one channel). */
void *dither ;
diff -up libsndfile-1.0.31/src/ima_adpcm.c.pullrequest979 libsndfile-1.0.31/src/ima_adpcm.c
--- libsndfile-1.0.31/src/ima_adpcm.c.pullrequest979 2023-11-01 23:24:06.793851012 +0100
+++ libsndfile-1.0.31/src/ima_adpcm.c 2023-11-01 23:24:06.797851053 +0100
@@ -238,7 +238,7 @@ ima_reader_init (SF_PRIVATE *psf, int bl
diff -up libsndfile-1.0.28/src/ima_adpcm.c.pullrequest979 libsndfile-1.0.28/src/ima_adpcm.c
--- libsndfile-1.0.28/src/ima_adpcm.c.pullrequest979 2016-09-10 10:08:27.000000000 +0200
+++ libsndfile-1.0.28/src/ima_adpcm.c 2023-11-01 23:49:50.247623119 +0100
@@ -233,7 +233,7 @@ ima_reader_init (SF_PRIVATE *psf, int bl
case SF_FORMAT_AIFF :
psf_log_printf (psf, "still need to check block count\n") ;
pima->decode_block = aiff_ima_decode_block ;
@ -229,9 +229,9 @@ diff -up libsndfile-1.0.31/src/ima_adpcm.c.pullrequest979 libsndfile-1.0.31/src/
break ;
default :
diff -up libsndfile-1.0.31/src/ircam.c.pullrequest979 libsndfile-1.0.31/src/ircam.c
--- libsndfile-1.0.31/src/ircam.c.pullrequest979 2020-10-04 12:00:49.000000000 +0200
+++ libsndfile-1.0.31/src/ircam.c 2023-11-01 23:24:06.795851033 +0100
diff -up libsndfile-1.0.28/src/ircam.c.pullrequest979 libsndfile-1.0.28/src/ircam.c
--- libsndfile-1.0.28/src/ircam.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/ircam.c 2023-11-01 23:49:50.247623119 +0100
@@ -171,35 +171,35 @@ ircam_read_header (SF_PRIVATE *psf)
switch (encoding)
{ case IRCAM_PCM_16 :
@ -273,9 +273,9 @@ diff -up libsndfile-1.0.31/src/ircam.c.pullrequest979 libsndfile-1.0.31/src/irca
psf->sf.format = SF_FORMAT_IRCAM | SF_FORMAT_ULAW ;
break ;
diff -up libsndfile-1.0.31/src/mat4.c.pullrequest979 libsndfile-1.0.31/src/mat4.c
--- libsndfile-1.0.31/src/mat4.c.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/mat4.c 2023-11-01 23:24:06.795851033 +0100
diff -up libsndfile-1.0.28/src/mat4.c.pullrequest979 libsndfile-1.0.28/src/mat4.c
--- libsndfile-1.0.28/src/mat4.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/mat4.c 2023-11-01 23:49:50.247623119 +0100
@@ -104,7 +104,7 @@ mat4_open (SF_PRIVATE *psf)
psf->container_close = mat4_close ;
@ -294,9 +294,9 @@ diff -up libsndfile-1.0.31/src/mat4.c.pullrequest979 libsndfile-1.0.31/src/mat4.
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
diff -up libsndfile-1.0.31/src/mat5.c.pullrequest979 libsndfile-1.0.31/src/mat5.c
--- libsndfile-1.0.31/src/mat5.c.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/mat5.c 2023-11-01 23:24:06.796851043 +0100
diff -up libsndfile-1.0.28/src/mat5.c.pullrequest979 libsndfile-1.0.28/src/mat5.c
--- libsndfile-1.0.28/src/mat5.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/mat5.c 2023-11-01 23:49:50.247623119 +0100
@@ -114,7 +114,7 @@ mat5_open (SF_PRIVATE *psf)
psf->container_close = mat5_close ;
@ -306,224 +306,10 @@ diff -up libsndfile-1.0.31/src/mat5.c.pullrequest979 libsndfile-1.0.31/src/mat5.
switch (subformat)
{ case SF_FORMAT_PCM_U8 :
diff -up libsndfile-1.0.31/src/nms_adpcm.c.pullrequest979 libsndfile-1.0.31/src/nms_adpcm.c
--- libsndfile-1.0.31/src/nms_adpcm.c.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/nms_adpcm.c 2023-11-01 23:24:06.796851043 +0100
@@ -48,36 +48,36 @@
/* Variable names from ITU G.726 spec */
struct nms_adpcm_state
{ /* Log of the step size multiplier. Operated on by codewords. */
- int yl ;
+ short yl ;
/* Quantizer step size multiplier. Generated from yl. */
- int y ;
+ short y ;
/* Coefficents of the pole predictor */
- int a [2] ;
+ short a [2] ;
/* Coefficents of the zero predictor */
- int b [6] ;
+ short b [6] ;
/* Previous quantized deltas (multiplied by 2^14) */
- int d_q [7] ;
+ short d_q [7] ;
/* d_q [x] + s_ez [x], used by the pole-predictor for signs only. */
- int p [3] ;
+ short p [3] ;
/* Previous reconstructed signal values. */
- int s_r [2] ;
+ short s_r [2] ;
/* Zero predictor components of the signal estimate. */
- int s_ez ;
+ short s_ez ;
/* Signal estimate, (including s_ez). */
- int s_e ;
+ short s_e ;
/* The most recent codeword (enc:generated, dec:inputted) */
- int Ik ;
+ char Ik ;
- int parity ;
+ char parity ;
/*
** Offset into code tables for the bitrate.
@@ -109,7 +109,7 @@ typedef struct
} NMS_ADPCM_PRIVATE ;
/* Pre-computed exponential interval used in the antilog approximation. */
-static unsigned int table_expn [] =
+static unsigned short table_expn [] =
{ 0x4000, 0x4167, 0x42d5, 0x444c, 0x45cb, 0x4752, 0x48e2, 0x4a7a,
0x4c1b, 0x4dc7, 0x4f7a, 0x5138, 0x52ff, 0x54d1, 0x56ac, 0x5892,
0x5a82, 0x5c7e, 0x5e84, 0x6096, 0x62b4, 0x64dd, 0x6712, 0x6954,
@@ -117,21 +117,21 @@ static unsigned int table_expn [] =
} ;
/* Table mapping codewords to scale factor deltas. */
-static int table_scale_factor_step [] =
+static short table_scale_factor_step [] =
{ 0x0, 0x0, 0x0, 0x0, 0x4b0, 0x0, 0x0, 0x0, /* 2-bit */
-0x3c, 0x0, 0x90, 0x0, 0x2ee, 0x0, 0x898, 0x0, /* 3-bit */
-0x30, 0x12, 0x6b, 0xc8, 0x188, 0x2e0, 0x551, 0x1150, /* 4-bit */
} ;
/* Table mapping codewords to quantized delta interval steps. */
-static unsigned int table_step [] =
+static unsigned short table_step [] =
{ 0x73F, 0, 0, 0, 0x1829, 0, 0, 0, /* 2-bit */
0x3EB, 0, 0xC18, 0, 0x1581, 0, 0x226E, 0, /* 3-bit */
0x20C, 0x635, 0xA83, 0xF12, 0x1418, 0x19E3, 0x211A, 0x2BBA, /* 4-bit */
} ;
/* Binary search lookup table for quantizing using table_step. */
-static int table_step_search [] =
+static short table_step_search [] =
{ 0, 0x1F6D, 0, -0x1F6D, 0, 0, 0, 0, /* 2-bit */
0x1008, 0x1192, 0, -0x219A, 0x1656, -0x1656, 0, 0, /* 3-bit */
0x872, 0x1277, -0x8E6, -0x232B, 0xD06, -0x17D7, -0x11D3, 0, /* 4-bit */
@@ -179,23 +179,23 @@ static sf_count_t nms_adpcm_seek (SF_PRI
** Maps [1,20480] to [1,1024] in an exponential relationship. This is
** approximately ret = b^exp where b = e^(ln(1024)/ln(20480)) ~= 1.0003385
*/
-static inline int
-nms_adpcm_antilog (int exp)
-{ int ret ;
-
- ret = 0x1000 ;
- ret += (((exp & 0x3f) * 0x166b) >> 12) ;
- ret *= table_expn [(exp & 0x7c0) >> 6] ;
- ret >>= (26 - (exp >> 11)) ;
+static inline short
+nms_adpcm_antilog (short exp)
+{ int_fast32_t r ;
+
+ r = 0x1000 ;
+ r += (((int_fast32_t) (exp & 0x3f) * 0x166b) >> 12) ;
+ r *= table_expn [(exp & 0x7c0) >> 6] ;
+ r >>= (26 - (exp >> 11)) ;
- return ret ;
+ return (short) r ;
} /* nms_adpcm_antilog */
static void
nms_adpcm_update (struct nms_adpcm_state *s)
{ /* Variable names from ITU G.726 spec */
- int a1ul ;
- int fa1 ;
+ short a1ul, fa1 ;
+ int_fast32_t se ;
int i ;
/* Decay and Modify the scale factor in the log domain based on the codeword. */
@@ -222,7 +222,7 @@ nms_adpcm_update (struct nms_adpcm_state
else if (fa1 > 256)
fa1 = 256 ;
- s->a [0] = (0xff * s->a [0]) >> 8 ;
+ s->a [0] = (s->a [0] * 0xff) >> 8 ;
if (s->p [0] != 0 && s->p [1] != 0 && ((s->p [0] ^ s->p [1]) < 0))
s->a [0] -= 192 ;
else
@@ -230,7 +230,7 @@ nms_adpcm_update (struct nms_adpcm_state
fa1 = -fa1 ;
}
- s->a [1] = fa1 + ((0xfe * s->a [1]) >> 8) ;
+ s->a [1] = fa1 + ((s->a [1] * 0xfe) >> 8) ;
if (s->p [0] != 0 && s->p [2] != 0 && ((s->p [0] ^ s->p [2]) < 0))
s->a [1] -= 128 ;
else
@@ -250,19 +250,18 @@ nms_adpcm_update (struct nms_adpcm_state
s->a [0] = a1ul ;
} ;
- /* Compute the zero predictor estimate. Rotate past deltas too. */
- s->s_ez = 0 ;
+ /* Compute the zero predictor estimate and rotate past deltas. */
+ se = 0 ;
for (i = 5 ; i >= 0 ; i--)
- { s->s_ez += s->d_q [i] * s->b [i] ;
+ { se += (int_fast32_t) s->d_q [i] * s->b [i] ;
s->d_q [i + 1] = s->d_q [i] ;
} ;
+ s->s_ez = se >> 14 ;
- /* Compute the signal estimate. */
- s->s_e = s->a [0] * s->s_r [0] + s->a [1] * s->s_r [1] + s->s_ez ;
-
- /* Return to scale */
- s->s_ez >>= 14 ;
- s->s_e >>= 14 ;
+ /* Complete the signal estimate. */
+ se += (int_fast32_t) s->a [0] * s->s_r [0] ;
+ se += (int_fast32_t) s->a [1] * s->s_r [1] ;
+ s->s_e = se >> 14 ;
/* Rotate members to prepare for next iteration. */
s->s_r [1] = s->s_r [0] ;
@@ -274,7 +273,7 @@ nms_adpcm_update (struct nms_adpcm_state
static int16_t
nms_adpcm_reconstruct_sample (struct nms_adpcm_state *s, uint8_t I)
{ /* Variable names from ITU G.726 spec */
- int dqx ;
+ int_fast32_t dqx ;
/*
** The ordering of the 12-bit right-shift is a precision loss. It agrees
@@ -308,17 +307,17 @@ nms_adpcm_codec_init (struct nms_adpcm_s
/*
** nms_adpcm_encode_sample()
**
-** Encode a linear 16-bit pcm sample into a 2,3, or 4 bit NMS-ADPCM codeword
+** Encode a linear 16-bit pcm sample into a 2, 3, or 4 bit NMS-ADPCM codeword
** using and updating the predictor state.
*/
static uint8_t
nms_adpcm_encode_sample (struct nms_adpcm_state *s, int16_t sl)
{ /* Variable names from ITU G.726 spec */
- int d ;
+ int_fast32_t d ;
uint8_t I ;
/* Down scale the sample from 16 => ~14 bits. */
- sl = (sl * 0x1fdf) / 0x7fff ;
+ sl = ((int_fast32_t) sl * 0x1fdf) / 0x7fff ;
/* Compute estimate, and delta from actual value */
nms_adpcm_update (s) ;
@@ -407,7 +406,7 @@ nms_adpcm_encode_sample (struct nms_adpc
*/
static int16_t
nms_adpcm_decode_sample (struct nms_adpcm_state *s, uint8_t I)
-{ int sl ;
+{ int_fast32_t sl ;
nms_adpcm_update (s) ;
sl = nms_adpcm_reconstruct_sample (s, I) ;
@@ -1091,7 +1090,7 @@ nms_adpcm_init (SF_PRIVATE *psf)
else
pnms->blocks_total = psf->datalength / (pnms->shortsperblock * sizeof (short)) ;
- psf->sf.frames = pnms->blocks_total * NMS_SAMPLES_PER_BLOCK ;
+ psf->sf.frames = (sf_count_t) pnms->blocks_total * NMS_SAMPLES_PER_BLOCK ;
psf->codec_close = nms_adpcm_close ;
psf->seek = nms_adpcm_seek ;
diff -up libsndfile-1.0.31/src/pcm.c.pullrequest979 libsndfile-1.0.31/src/pcm.c
--- libsndfile-1.0.31/src/pcm.c.pullrequest979 2021-01-23 17:12:45.000000000 +0100
+++ libsndfile-1.0.31/src/pcm.c 2023-11-01 23:24:06.796851043 +0100
@@ -127,7 +127,7 @@ pcm_init (SF_PRIVATE *psf)
diff -up libsndfile-1.0.28/src/pcm.c.pullrequest979 libsndfile-1.0.28/src/pcm.c
--- libsndfile-1.0.28/src/pcm.c.pullrequest979 2017-04-02 08:33:16.000000000 +0200
+++ libsndfile-1.0.28/src/pcm.c 2023-11-01 23:49:50.247623119 +0100
@@ -125,7 +125,7 @@ pcm_init (SF_PRIVATE *psf)
return SFE_INTERNAL ;
} ;
@ -532,9 +318,9 @@ diff -up libsndfile-1.0.31/src/pcm.c.pullrequest979 libsndfile-1.0.31/src/pcm.c
if ((SF_CODEC (psf->sf.format)) == SF_FORMAT_PCM_S8)
chars = SF_CHARS_SIGNED ;
diff -up libsndfile-1.0.31/src/rf64.c.pullrequest979 libsndfile-1.0.31/src/rf64.c
--- libsndfile-1.0.31/src/rf64.c.pullrequest979 2020-10-04 12:00:49.000000000 +0200
+++ libsndfile-1.0.31/src/rf64.c 2023-11-01 23:24:06.797851053 +0100
diff -up libsndfile-1.0.28/src/rf64.c.pullrequest979 libsndfile-1.0.28/src/rf64.c
--- libsndfile-1.0.28/src/rf64.c.pullrequest979 2023-11-01 23:49:50.229622935 +0100
+++ libsndfile-1.0.28/src/rf64.c 2023-11-01 23:49:50.248623129 +0100
@@ -242,7 +242,7 @@ rf64_read_header (SF_PRIVATE *psf, int *
} ;
} ;
@ -544,9 +330,9 @@ diff -up libsndfile-1.0.31/src/rf64.c.pullrequest979 libsndfile-1.0.31/src/rf64.
psf_log_printf (psf, " Riff size : %D (should be %D)\n", riff_size, psf->filelength - 8) ;
else
psf_log_printf (psf, " Riff size : %D\n", riff_size) ;
diff -up libsndfile-1.0.31/src/sds.c.pullrequest979 libsndfile-1.0.31/src/sds.c
--- libsndfile-1.0.31/src/sds.c.pullrequest979 2020-10-04 12:00:49.000000000 +0200
+++ libsndfile-1.0.31/src/sds.c 2023-11-01 23:24:06.797851053 +0100
diff -up libsndfile-1.0.28/src/sds.c.pullrequest979 libsndfile-1.0.28/src/sds.c
--- libsndfile-1.0.28/src/sds.c.pullrequest979 2017-04-01 09:18:02.000000000 +0200
+++ libsndfile-1.0.28/src/sds.c 2023-11-01 23:49:50.248623129 +0100
@@ -454,7 +454,7 @@ sds_2byte_read (SF_PRIVATE *psf, SDS_PRI
ucptr = psds->read_data + 5 ;

@ -1,19 +1,7 @@
From 4755f5bd7854611d92ad0f1295587b439f9950ba Mon Sep 17 00:00:00 2001
From: Arthur Taylor <art@ified.ca>
Date: Fri, 15 Nov 2024 19:46:53 -0800
Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035
---
src/ogg.c | 12 ++--
src/ogg_opus.c | 17 +++--
src/ogg_vorbis.c | 170 ++++++++++++++++++++++++++---------------------
3 files changed, 114 insertions(+), 85 deletions(-)
diff --git a/src/ogg.c b/src/ogg.c
index 529941af..e2d679d4 100644
--- a/src/ogg.c
+++ b/src/ogg.c
@@ -211,12 +211,16 @@ ogg_read_first_page (SF_PRIVATE *psf, OGG_PRIVATE *odata)
diff -up libsndfile-1.0.28/src/ogg.c.cve-2024-50612 libsndfile-1.0.28/src/ogg.c
--- libsndfile-1.0.28/src/ogg.c.cve-2024-50612 2024-11-25 23:52:41.158759323 +0100
+++ libsndfile-1.0.28/src/ogg.c 2024-11-25 23:53:45.520411291 +0100
@@ -46,12 +46,16 @@ static int ogg_page_classify (SF_PRIVATE
int
ogg_write_page (SF_PRIVATE *psf, ogg_page *page)
@ -33,77 +21,21 @@ index 529941af..e2d679d4 100644
+ return n ;
} /* ogg_write_page */
sf_count_t
diff --git a/src/ogg_opus.c b/src/ogg_opus.c
index 511653ec..e01224b9 100644
--- a/src/ogg_opus.c
+++ b/src/ogg_opus.c
@@ -827,15 +827,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
/* The first page MUST only contain the header, so flush it out now */
ogg_stream_packetin (&odata->ostream, &op) ;
- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
- { if (! (nn = ogg_write_page (psf, &odata->opage)))
+ while (ogg_stream_flush (&odata->ostream, &odata->opage))
+ { nn = ogg_write_page (psf, &odata->opage) ;
+ if (nn < 0)
{ psf_log_printf (psf, "Opus : Failed to write header!\n") ;
if (psf->error)
return psf->error ;
return SFE_INTERNAL ;
} ;
psf->dataoffset += nn ;
- }
+ } ;
/*
** Metadata Tags (manditory)
@@ -850,15 +851,16 @@ ogg_opus_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
vorbiscomment_write_tags (psf, &op, &opustags_ident, opus_get_version_string (), - (OGG_OPUS_COMMENT_PAD)) ;
op.packetno = 2 ;
ogg_stream_packetin (&odata->ostream, &op) ;
- for ( ; (nn = ogg_stream_flush (&odata->ostream, &odata->opage)) ; )
- { if (! (nn = ogg_write_page (psf, &odata->opage)))
+ while (ogg_stream_flush (&odata->ostream, &odata->opage))
+ { nn = ogg_write_page (psf, &odata->opage) ;
+ if (nn < 0)
{ psf_log_printf (psf, "Opus : Failed to write comments!\n") ;
if (psf->error)
return psf->error ;
return SFE_INTERNAL ;
} ;
psf->dataoffset += nn ;
- }
+ } ;
return 0 ;
} /* ogg_opus_write_header */
@@ -1126,7 +1126,8 @@ ogg_opus_write_out (SF_PRIVATE *psf, OGG_PRIVATE *odata, OPUS_PRIVATE *oopus)
*/
oopus->u.encode.last_segments -= odata->opage.header [26] ;
oopus->pg_pos = oopus->pkt_pos ;
- ogg_write_page (psf, &odata->opage) ;
+ if (ogg_write_page (psf, &odata->opage) < 0)
+ return -1 ;
}
else
break ;
diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c
index add12396..fae252ca 100644
--- a/src/ogg_vorbis.c
+++ b/src/ogg_vorbis.c
@@ -78,26 +78,6 @@ typedef struct
int
diff -up libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612 libsndfile-1.0.28/src/ogg_vorbis.c
--- libsndfile-1.0.28/src/ogg_vorbis.c.cve-2024-50612 2024-11-25 23:52:41.156759303 +0100
+++ libsndfile-1.0.28/src/ogg_vorbis.c 2024-11-26 00:01:45.724339005 +0100
@@ -76,25 +76,6 @@
#include "ogg.h"
-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
-
-static int vorbis_read_header (SF_PRIVATE *psf) ;
-static int vorbis_read_header (SF_PRIVATE *psf, int log_data) ;
-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
-static int vorbis_close (SF_PRIVATE *psf) ;
-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
-static int vorbis_byterate (SF_PRIVATE *psf) ;
-static sf_count_t vorbis_calculate_page_duration (SF_PRIVATE *psf) ;
-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
@ -114,23 +46,22 @@ index add12396..fae252ca 100644
-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
-static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
-static sf_count_t vorbis_length (SF_PRIVATE *psf) ;
-
typedef struct
{ int id ;
const char *name ;
@@ -145,6 +123,43 @@ typedef struct
sf_count_t last_page ;
@@ -129,6 +110,42 @@ typedef struct
double quality ;
} VORBIS_PRIVATE ;
+typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ;
+
+static int vorbis_read_header (SF_PRIVATE *psf) ;
+static int vorbis_read_header (SF_PRIVATE *psf, int log_data) ;
+static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ;
+static int vorbis_close (SF_PRIVATE *psf) ;
+static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ;
+static int vorbis_byterate (SF_PRIVATE *psf) ;
+static sf_count_t vorbis_calculate_page_duration (SF_PRIVATE *psf) ;
+static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ;
+static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ;
+static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ;
@ -141,8 +72,8 @@ index add12396..fae252ca 100644
+static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ;
+static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ;
+static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ;
+static sf_count_t vorbis_length (SF_PRIVATE *psf) ;
+static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ;
+static int vorbis_rnull (SF_PRIVATE *psf, int samples, void *vptr, int off , int channels, float **pcm) ;
+static void vorbis_log_error (SF_PRIVATE *psf, int error) ;
+
+
@ -161,9 +92,9 @@ index add12396..fae252ca 100644
+} ;
+
static int
vorbis_read_header (SF_PRIVATE *psf)
{ OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
@@ -380,7 +397,6 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
vorbis_read_header (SF_PRIVATE *psf, int log_data)
{
@@ -412,7 +429,6 @@ vorbis_write_header (SF_PRIVATE *psf, in
{ ogg_packet header ;
ogg_packet header_comm ;
ogg_packet header_code ;
@ -171,7 +102,7 @@ index add12396..fae252ca 100644
vorbis_analysis_headerout (&vdata->vdsp, &vdata->vcomment, &header, &header_comm, &header_code) ;
ogg_stream_packetin (&odata->ostream, &header) ; /* automatically placed in its own page */
@@ -390,9 +406,9 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length))
@@ -422,9 +438,9 @@ vorbis_write_header (SF_PRIVATE *psf, in
/* This ensures the actual
* audio data will start on a new page, as per spec
*/
@ -184,7 +115,7 @@ index add12396..fae252ca 100644
}
return 0 ;
@@ -402,6 +418,7 @@ static int
@@ -434,6 +450,7 @@ static int
vorbis_close (SF_PRIVATE *psf)
{ OGG_PRIVATE* odata = psf->container_data ;
VORBIS_PRIVATE *vdata = psf->codec_data ;
@ -192,7 +123,7 @@ index add12396..fae252ca 100644
if (odata == NULL || vdata == NULL)
return 0 ;
@@ -412,34 +429,14 @@ vorbis_close (SF_PRIVATE *psf)
@@ -444,34 +461,14 @@ vorbis_close (SF_PRIVATE *psf)
if (psf->file.mode == SFM_WRITE)
{
if (psf->write_current <= 0)
@ -234,7 +165,7 @@ index add12396..fae252ca 100644
/* ogg_page and ogg_packet structs always point to storage in
libvorbis. They are never freed or manipulated directly */
@@ -449,7 +446,7 @@ vorbis_close (SF_PRIVATE *psf)
@@ -481,7 +478,7 @@ vorbis_close (SF_PRIVATE *psf)
vorbis_comment_clear (&vdata->vcomment) ;
vorbis_info_clear (&vdata->vinfo) ;
@ -243,7 +174,7 @@ index add12396..fae252ca 100644
} /* vorbis_close */
int
@@ -688,33 +685,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens)
@@ -750,33 +747,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *
/*==============================================================================
*/
@ -295,7 +226,7 @@ index add12396..fae252ca 100644
/* This could be set above, but for illustrative purposes, I do
** it here (to show that vorbis does know where the stream ends) */
@@ -726,9 +726,15 @@
@@ -784,16 +788,22 @@ vorbis_write_samples (SF_PRIVATE *psf, O
odata->eos = 1 ;
} ;
} ;
@ -309,9 +240,8 @@ index add12396..fae252ca 100644
+
+ return 0 ;
} /* vorbis_write_data */
@@ -735,7 +740,7 @@
static sf_count_t
vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
{
@ -320,7 +250,7 @@ index add12396..fae252ca 100644
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -740,14 +750,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens)
@@ -802,14 +812,17 @@ vorbis_write_s (SF_PRIVATE *psf, const s
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = (float) (ptr [j++]) / 32767.0f ;
@ -340,7 +270,7 @@ index add12396..fae252ca 100644
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -756,14 +769,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens)
@@ -818,14 +831,17 @@ vorbis_write_i (SF_PRIVATE *psf, const i
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ;
@ -360,7 +290,7 @@ index add12396..fae252ca 100644
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -772,14 +788,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens)
@@ -834,14 +850,17 @@ vorbis_write_f (SF_PRIVATE *psf, const f
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = ptr [j++] ;
@ -380,7 +310,7 @@ index add12396..fae252ca 100644
OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ;
VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ;
int in_frames = lens / psf->sf.channels ;
@@ -788,7 +807,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens)
@@ -850,7 +869,10 @@ vorbis_write_d (SF_PRIVATE *psf, const d
for (m = 0 ; m < psf->sf.channels ; m++)
buffer [m][i] = (float) ptr [j++] ;
@ -392,6 +322,3 @@ index add12396..fae252ca 100644
return lens ;
} /* vorbis_write_d */
--
2.47.0
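Review bot: The rebased patch loses its provenance at the top of the file: the first hunk (`-1,19 +1,7`) appears to drop the upstream mail header (`From 4755f5bd7854611d92ad0f1295587b439f9950ba`, `Subject: [PATCH] src/ogg: better error checking for vorbis. Fixes #1035`) in favour of a bare `diff -up` against libsndfile-1.0.28, and the `ogg_opus.c` hunks are gone as well, while the spec still applies the file under the name libsndfile-1.2.2-cve-2024-50612.patch. For a CVE backport this makes it hard to audit which parts came from upstream and which were adapted by hand, for example the `vorbis_read_header (SF_PRIVATE *psf, int log_data)` prototype. I would keep a short comment header in the patch file, such as `# Backport of upstream 4755f5bd7854611d92ad0f1295587b439f9950ba (fixes #1035), rebased to 1.0.28` and `# ogg_opus.c hunks dropped: <reason>`. Which side each line belongs to is inferred here from the hunk counts and the c9...c8 direction, because the page has lost the +/- column.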

@ -0,0 +1,37 @@
--- libsndfile-1.0.28/src/rf64.c 2017-04-02 09:43:22.000000000 +0200
+++ libsndfile-1.0.27/src/rf64.c 2016-04-01 23:08:53.000000000 +0200
@@ -735,25 +734,27 @@ rf64_write_header (SF_PRIVATE *psf, int
#endif
- pad_size = psf->dataoffset - 16 - psf->header.indx ;
- if (pad_size >= 0)
- psf_binheader_writef (psf, "m4z", PAD_MARKER, pad_size, make_size_t (pad_size)) ;
+ if (psf->header.indx + 8 < psf->dataoffset)
+ { /* Add PAD data if necessary. */
+ int k = psf->dataoffset - 16 - psf->header.indx ;
+ psf_binheader_writef (psf, "m4z", PAD_MARKER, k, make_size_t (k)) ;
+ } ;
if (wpriv->rf64_downgrade && (psf->filelength < RIFF_DOWNGRADE_BYTES))
psf_binheader_writef (psf, "tm8", data_MARKER, psf->datalength) ;
else
psf_binheader_writef (psf, "m4", data_MARKER, 0xffffffff) ;
- psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
+ psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ;
if (psf->error)
return psf->error ;
- if (has_data && psf->dataoffset != psf->header.indx)
- { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
+ if (has_data && psf->dataoffset != psf->header.indx)
+ { psf_log_printf (psf, "Oooops : has_data && psf->dataoffset != psf->header.indx\n") ;
return psf->error = SFE_INTERNAL ;
} ;
- psf->dataoffset = psf->header.indx ;
+ psf->dataoffset = psf->header.indx ;
if (NOT (has_data))
psf_fseek (psf, psf->dataoffset, SEEK_SET) ;
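Review bot: The restored guard `if (psf->header.indx + 8 < psf->dataoffset)` does not match the length it protects: `k = psf->dataoffset - 16 - psf->header.indx` is negative whenever the gap between header.indx and dataoffset is 9 to 15 bytes, and that negative int is then passed twice to `psf_binheader_writef`, once directly and once through `make_size_t (k)`. The lines this patch removes tested the computed length itself (`if (pad_size >= 0)`), so the revert gives up that check. make_size_t is defined outside the hunk, so what a negative value becomes there should be confirmed, but I would keep the 1.0.27 layout and guard on the value: `int k = psf->dataoffset - 16 - psf->header.indx ;` followed by `if (k >= 0)` around the `psf_binheader_writef` call. rf64_write_header starts and ends outside the hunk, and the patch file has no header comment saying why the 1.0.28 code is being reverted; a one-line reason at the top would help whoever rebases it next.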

@ -1,33 +1,39 @@
Summary: Library for reading and writing sound files
Name: libsndfile
Version: 1.0.31
Release: 8%{?dist}.2
Version: 1.0.28
Release: 16%{?dist}
License: LGPLv2+ and GPLv2+ and BSD
URL: http://libsndfile.github.io/libsndfile/
Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.bz2
Group: System Environment/Libraries
URL: http://www.mega-nerd.com/libsndfile/
Source0: http://www.mega-nerd.com/libsndfile/files/libsndfile-%{version}.tar.gz
Patch0: libsndfile-1.0.25-system-gsm.patch
Patch1: libsndfile-1.0.25-zerodivfix.patch
# from upstream, for <= 1.0.31, rhbz#1985029
Patch2: libsndfile-1.0.31-deb669ee.patch
# from upstream, fix #2030508, for <= 1.0.31
Patch3: libsndfile-1.0.31-ced91d7b.patch
# from upstream, fix #RHEL-3751, for <= 1.2.2
Patch4: libsndfile-1.0.31-pullrequest979.patch
Patch2: revert.patch
Patch3: libsndfile-1.0.28-flacbufovfl.patch
Patch4: libsndfile-1.0.29-cve2017_6892.patch
#libsndfile-1.0.29-cve2017_6892.patch
# from upstream, for <= 1.0.28, rhbz#1483140
Patch5: libsndfile-1.0.28-cve2017_12562.patch
Patch6: libsndfile-1.0.28-fixfree.patch
Patch7: libsndfile-1.0.28-vafix.patch
Patch8: libsndfile-1.0.28-CVE_2018_13139.patch
Patch9: libsndfile-1.0.28-cve_2018_19662.patch
# from upstream, for <= 1.0.31, rhbz#1985028
Patch10: libsndfile-1.0.31-deb669ee.patch
Patch11: libsndfile-1.0.31-ced91d7b.patch
# from upstream, fix #RHEL-3750, for <= 1.2.2
Patch12: libsndfile-1.0.31-pullrequest979.patch
# from upstream, for <= 1.2.2, #RHEL-65095
Patch5: libsndfile-1.2.2-cve-2024-50612.patch
BuildRequires: gcc-c++
Patch13: libsndfile-1.0.28-cve-2024-50612prereq.patch
Patch14: libsndfile-1.2.2-cve-2024-50612.patch
BuildRequires: alsa-lib-devel
BuildRequires: flac-devel
BuildRequires: gcc
BuildRequires: libogg-devel
BuildRequires: libvorbis-devel
BuildRequires: pkgconfig
BuildRequires: sqlite-devel
BuildRequires: gsm-devel
BuildRequires: libtool
BuildRequires: make
BuildRequires: python3
BuildRequires: opus-devel
%description
@ -40,6 +46,7 @@ compiles and runs on *nix, MacOS, and Win32.
%package devel
Summary: Development files for libsndfile
Group: Development/Libraries
Requires: %{name}%{?_isa} = %{version}-%{release} pkgconfig
@ -51,6 +58,7 @@ This package contains files needed to develop with libsndfile.
%package utils
Summary: Command Line Utilities for libsndfile
Group: Applications/Multimedia
Requires: %{name} = %{version}-%{release}
@ -62,14 +70,22 @@ This package contains command line utilities for libsndfile.
%prep
%setup -q
%patch -P 0 -p1 -b .system-gsm
rm -r src/GSM610
# TODO: check if this patch is still needed
%patch -P 0 -p1 -b .systemgsm
%patch -P 1 -p1 -b .zerodivfix
%patch -P 2 -p1 -b .deb669ee
%patch -P 3 -p1 -b .ced91d7b
%patch -P 4 -p1 -b .pullrequest979
%patch -P 5 -p1 -b .cve-2024-50612
%patch -P 2 -p1 -b .revert
%patch -P 3 -p1 -b .flacbufovfl
%patch -P 4 -p1 -b .cve2017_6892
%patch -P 5 -p1 -b .cve2017_12562
%patch -P 6 -p1 -b .fixfree
%patch -P 7 -p1 -b .vafix
%patch -P 8 -p1 -b .CVE_2018_13139
%patch -P 9 -p1 -b .cve_2018_19662
%patch -P 10 -p1 -b .deb669ee
%patch -P 11 -p1 -b .ced91d7b
%patch -P 12 -p1 -b .pullrequest979
%patch -P 13 -p1 -b .cve-2024-50612prereq
%patch -P 14 -p1 -b .cve-2024-50612
rm -r src/GSM610
%build
autoreconf -I M4 -fiv # for system-gsm patch
@ -84,11 +100,11 @@ autoreconf -I M4 -fiv # for system-gsm patch
sed -i 's|^hardcode_libdir_flag_spec=.*|hardcode_libdir_flag_spec=""|g' libtool
sed -i 's|^runpath_var=LD_RUN_PATH|runpath_var=DIE_RPATH_DIE|g' libtool
%make_build
make %{?_smp_mflags}
%install
%make_install
make install DESTDIR=$RPM_BUILD_ROOT
rm -rf __docs
mkdir __docs
cp -pR $RPM_BUILD_ROOT%{_docdir}/%{name}/* __docs
@ -120,7 +136,9 @@ rm -f %{buildroot}%{_bindir}/sndfile-jackplay
LD_LIBRARY_PATH=$PWD/src/.libs make check
%ldconfig_scriptlets
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
@ -139,6 +157,7 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_bindir}/sndfile-metadata-get
%{_bindir}/sndfile-metadata-set
%{_bindir}/sndfile-play
%{_bindir}/sndfile-regtest
%{_bindir}/sndfile-salvage
%{_mandir}/man1/sndfile-cmp.1*
%{_mandir}/man1/sndfile-concat.1*
@ -161,58 +180,33 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%changelog
* Wed Nov 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-8.2
- add missing patch (#RHEL-65095)
* Tue Nov 19 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-8.1
- fix crash in ogg vorbis (#RHEL-65096) (CVE-2024-50612)
* Wed Nov 01 2023 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-8
- fix integer overflows causing CVE-2022-33065 (#RHEL-3751)
* Wed Jan 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-7
- fix heap buffer overflow in flac (#2030508)
* Wed Aug 11 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-6
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985029)
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com>
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Mon Feb 22 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-3
- add opus-devel BR to satisfy configure requirements check (#1931251)
* Mon Jul 13 2020 Tom Stellard <tstellar@redhat.com> - 1.0.31-2
- Use make macros
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
* Tue Nov 26 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-16
- fix prerequisit patch (#RHEL-65093)
* Wed Jan 27 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.31-1
- updated to 1.0.31
* Wed Nov 20 2024 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-15
- fix crash in ogg vorbis (#RHEL-65093) (CVE-2024-50612)
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Nov 01 2023 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-14
- fix integer overflows causing CVE-2022-33065 (#RHEL-3750)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Oct 14 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-13
- rebuild (#2118285)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 12 2022 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-12
- fix heap buffer overflow in flac (#2030507)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Mon Jul 26 2021 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-11
- a crafted wav file could cause heap buffer overflow that allowed an arbitrary code execution(#1985028)
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Nov 20 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-10
- fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function
i2alaw_array in alaw (#1673085)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Oct 30 2019 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-9
- fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility (#1598482)
* Wed Mar 07 2018 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-8
- add gcc buildrequire
* Mon Oct 15 2018 Michal Hlavinka <mhlavink@redhat.com> - 1.0.28-8
- fix coverity scan found issues (#1602592)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.0.28-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
