Changeset View
Changeset View
Standalone View
Standalone View
audio/libsndfile/files/patch-CVE-2017-8362
- This file was added.
| Property | Old Value | New Value |
|---|---|---|
| fbsd:nokeywords | null | yes \ No newline at end of property |
| svn:eol-style | null | native \ No newline at end of property |
| svn:mime-type | null | text/plain \ No newline at end of property |
| From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001 | |||||
| From: Erik de Castro Lopo <erikd@mega-nerd.com> | |||||
| Date: Fri, 14 Apr 2017 15:19:16 +1000 | |||||
| Subject: [PATCH] src/flac.c: Fix a buffer read overflow | |||||
| A file (generated by a fuzzer) which increased the number of channels | |||||
| from one frame to the next could cause a read beyond the end of the | |||||
| buffer provided by libFLAC. Only option is to abort the read. | |||||
| Closes: https://github.com/erikd/libsndfile/issues/231 | |||||
| --- src/flac.c.orig 2017-04-01 09:40:45 UTC | |||||
| +++ src/flac.c | |||||
| @@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf) | |||||
| const int32_t* const *buffer = pflac->wbuffer ; | |||||
| unsigned i = 0, j, offset, channels, len ; | |||||
| + if (psf->sf.channels != (int) frame->header.channels) | |||||
| + { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n" | |||||
| + "Nothing to do but to error out.\n" , | |||||
| + psf->sf.channels, frame->header.channels) ; | |||||
| + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; | |||||
| + return 0 ; | |||||
| + } ; | |||||
| + | |||||
| /* | |||||
| ** frame->header.blocksize is variable and we're using a constant blocksize | |||||
| ** of FLAC__MAX_BLOCK_SIZE. | |||||
| @@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf) | |||||
| return 0 ; | |||||
| } ; | |||||
| - | |||||
| len = SF_MIN (pflac->len, frame->header.blocksize) ; | |||||
| if (pflac->remain % channels != 0) | |||||
| @@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_ | |||||
| { case FLAC__METADATA_TYPE_STREAMINFO : | |||||
| if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels) | |||||
| { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n" | |||||
| - "Nothing to be but to error out.\n" , | |||||
| + "Nothing to do but to error out.\n" , | |||||
| psf->sf.channels, metadata->data.stream_info.channels) ; | |||||
| psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ; | |||||
| return ; | |||||