packages/fluidsynth
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!2 Fix CVE-2021-21417

Browse Source 
From: @wangxiao65
Reviewed-by: @small_leek
Signed-off-by: @small_leek
This commit is contained in:
openeuler-ci-bot 2021-05-13 22:26:19 +08:00 committed by Gitee
commit b2575f8a8f
4 changed files with 219 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
CVE-2021-21417-1.patch Normal file
View File

@ -0,0 +1,94 @@
From 67596a87731dc593551975ca0268a438ab7410a2 Mon Sep 17 00:00:00 2001
From: derselbst <tom.mbrt@googlemail.com>
Date: Sun, 14 Mar 2021 10:58:13 +0100
Subject: [PATCH] Invalid generator were not removed from list
fluid_list_remove() should receive the beginning of a list, so it can
adjust the predecessor of the ele
ment to be removed. Otherwise the element would remain in the list,
which in this case led to a use-aft
er-free afterwards.
---
src/sfloader/fluid_defsfont.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/sfloader/fluid_defsfont.c b/src/sfloader/fluid_defsfont.c
index 0330de5..fc68d34 100644
--- a/src/sfloader/fluid_defsfont.c
+++ b/src/sfloader/fluid_defsfont.c
@@ -2706,7 +2706,7 @@ load_pmod (int size, SFData * sf, FILE * fd)
static int
load_pgen (int size, SFData * sf, FILE * fd)
{
- fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
+ fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
SFZone *z;
SFGen *g;
SFGenAmount genval;
@@ -2718,7 +2718,7 @@ load_pgen (int size, SFData * sf, FILE * fd)
{ /* traverse through all presets */
gzone = FALSE;
discarded = FALSE;
- p2 = ((SFPreset *) (p->data))->zone;
+ start_of_zone_list = p2 = ((SFPreset *) (p->data))->zone;
if (p2)
hz = &p2;
while (p2)
@@ -2828,12 +2828,14 @@ load_pgen (int size, SFData * sf, FILE * fd)
}
}
else
- { /* previous global zone exists, discard */
+ {
+ SFZone * pzone = fluid_list_get(p2);
+ /* previous global zone exists, discard */
FLUID_LOG (FLUID_WARN,
_("Preset \"%s\": Discarding invalid global zone"),
((SFPreset *) (p->data))->name);
- *hz = fluid_list_remove(*hz, p2->data);
- sfont_free_zone((SFZone *)fluid_list_get(p2));
+ *hz = fluid_list_remove(start_of_zone_list, pzone);
+ sfont_free_zone(pzone);
}
}
@@ -3058,7 +3060,7 @@ load_imod (int size, SFData * sf, FILE * fd)
static int
load_igen (int size, SFData * sf, FILE * fd)
{
- fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
+ fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
SFZone *z;
SFGen *g;
SFGenAmount genval;
@@ -3070,7 +3072,7 @@ load_igen (int size, SFData * sf, FILE * fd)
{ /* traverse through all instruments */
gzone = FALSE;
discarded = FALSE;
- p2 = ((SFInst *) (p->data))->zone;
+ start_of_zone_list = p2 = ((SFInst *) (p->data))->zone;
if (p2)
hz = &p2;
while (p2)
@@ -3179,12 +3181,14 @@ load_igen (int size, SFData * sf, FILE * fd)
}
}
else
- { /* previous global zone exists, discard */
+ {
+ SFZone * izone = fluid_list_get(p2);
+ /* previous global zone exists, discard */
FLUID_LOG (FLUID_WARN,
_("Instrument \"%s\": Discarding invalid global zone"),
((SFInst *) (p->data))->name);
- *hz = fluid_list_remove(*hz, p2->data);
- sfont_free_zone((SFZone *)fluid_list_get(p2));
+ *hz = fluid_list_remove(start_of_zone_list, izone);
+ sfont_free_zone(izone);
}
}
--
2.23.0

52
CVE-2021-21417-2.patch Normal file
View File

@ -0,0 +1,52 @@
From 6673a5f73c0484f8462b4b33860d2b1c68c24684 Mon Sep 17 00:00:00 2001
From: Tom M <tom.mbrt@googlemail.com>
Date: Sun, 14 Mar 2021 20:23:38 +0100
Subject: [PATCH] Update fluid_sffile.c
---
src/sfloader/fluid_defsfont.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/sfloader/fluid_defsfont.c b/src/sfloader/fluid_defsfont.c
index fc68d34..9663a40 100644
--- a/src/sfloader/fluid_defsfont.c
+++ b/src/sfloader/fluid_defsfont.c
@@ -2829,13 +2829,14 @@ load_pgen (int size, SFData * sf, FILE * fd)
}
else
{
- SFZone * pzone = fluid_list_get(p2);
+ p2 = fluid_list_next(p2); /* advance to next zone before deleting the current list element */
/* previous global zone exists, discard */
FLUID_LOG (FLUID_WARN,
_("Preset \"%s\": Discarding invalid global zone"),
((SFPreset *) (p->data))->name);
- *hz = fluid_list_remove(start_of_zone_list, pzone);
- sfont_free_zone(pzone);
+ fluid_list_remove(start_of_zone_list, z);
+ sfont_free_zone(z);
+ continue;
}
}
@@ -3182,13 +3183,14 @@ load_igen (int size, SFData * sf, FILE * fd)
}
else
{
- SFZone * izone = fluid_list_get(p2);
+ p2 = fluid_list_next(p2); /* advance to next zone before deleting the current list element */
/* previous global zone exists, discard */
FLUID_LOG (FLUID_WARN,
_("Instrument \"%s\": Discarding invalid global zone"),
((SFInst *) (p->data))->name);
- *hz = fluid_list_remove(start_of_zone_list, izone);
- sfont_free_zone(izone);
+ fluid_list_remove(start_of_zone_list, z);
+ sfont_free_zone(z);
+ continue;
}
}
--
2.23.0

66
CVE-2021-21417-pre.patch Normal file
View File

@ -0,0 +1,66 @@
From f83c49d6fa7f1ec4818cb9e920e30adc827d28bf Mon Sep 17 00:00:00 2001
From: Marcus Weseloh <marcus@weseloh.cc>
Date: Wed, 4 Apr 2018 11:03:47 +0200
Subject: [PATCH] Remove sfont_zone_delete, replace with direct
invocations instead
---
src/sfloader/fluid_defsfont.c | 14 ++++----------
src/sfloader/fluid_defsfont.h | 2 --
2 files changed, 4 insertions(+), 12 deletions(-)
diff --git a/src/sfloader/fluid_defsfont.c b/src/sfloader/fluid_defsfont.c
index 231d248..0330de5 100644
--- a/src/sfloader/fluid_defsfont.c
+++ b/src/sfloader/fluid_defsfont.c
@@ -2832,7 +2832,8 @@ load_pgen (int size, SFData * sf, FILE * fd)
FLUID_LOG (FLUID_WARN,
_("Preset \"%s\": Discarding invalid global zone"),
((SFPreset *) (p->data))->name);
- sfont_zone_delete (sf, hz, (SFZone *) (p2->data));
+ *hz = fluid_list_remove(*hz, p2->data);
+ sfont_free_zone((SFZone *)fluid_list_get(p2));
}
}
@@ -3182,7 +3183,8 @@ load_igen (int size, SFData * sf, FILE * fd)
FLUID_LOG (FLUID_WARN,
_("Instrument \"%s\": Discarding invalid global zone"),
((SFInst *) (p->data))->name);
- sfont_zone_delete (sf, hz, (SFZone *) (p2->data));
+ *hz = fluid_list_remove(*hz, p2->data);
+ sfont_free_zone((SFZone *)fluid_list_get(p2));
}
}
@@ -3566,14 +3568,6 @@ sfont_preset_compare_func (void* a, void* b)
return (aval - bval);
}
-/* delete zone from zone list */
-void
-sfont_zone_delete (SFData * sf, fluid_list_t ** zlist, SFZone * zone)
-{
- *zlist = fluid_list_remove (*zlist, (void*) zone);
- sfont_free_zone (zone);
-}
-
/* Find generator in gen list */
fluid_list_t *
gen_inlist (int gen, fluid_list_t * genlist)
diff --git a/src/sfloader/fluid_defsfont.h b/src/sfloader/fluid_defsfont.h
index 0d5c6c0..d1ceac1 100644
--- a/src/sfloader/fluid_defsfont.h
+++ b/src/sfloader/fluid_defsfont.h
@@ -222,8 +222,6 @@ void sfont_close (SFData * sf);
void sfont_free_zone (SFZone * zone);
int sfont_preset_compare_func (void* a, void* b);
-void sfont_zone_delete (SFData * sf, fluid_list_t ** zlist, SFZone * zone);
-
fluid_list_t *gen_inlist (int gen, fluid_list_t * genlist);
int gen_valid (int gen);
int gen_validp (int gen);
--
2.23.0

8
fluidsynth.spec
View File

@ -1,12 +1,15 @@
Name: fluidsynth
Version: 1.1.11
Release: 3
Release: 4
Summary: Real-time software synthesizer
License: LGPLv2+
URL: http://www.fluidsynth.org/
Source0: https://github.com/Fluidsynth/fluidsynth/archive/v%{version}/fluidsynth-%{version}.tar.gz
Patch0000: fluidsynth-no_date_footer.patch
Patch0001: CVE-2021-21417-pre.patch
Patch0002: CVE-2021-21417-1.patch
Patch0003: CVE-2021-21417-2.patch
BuildRequires: alsa-lib-devel cmake dbus-devel gcc jack-audio-connection-kit-devel readline-devel
BuildRequires: ladspa-devel ncurses-devel libsndfile-devel pkgconfig pulseaudio-libs-devel doxygen
@ -63,5 +66,8 @@ make doxygen -C %{_target_platform}/doc
%doc NEWS README.md THANKS TODO doc/FluidSynth-LADSPA.pdf
%changelog
* Thu May 13 2021 wangxiao <wangxiao65@huawei.com> - 1.1.11-4
- Fix CVE-2021-21417
* Fri Nov 22 2019 sunguoshuai <sunguoshuai@huawei.com> - 1.1.11-3
- Package init.