packages/libsndfile
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!49 [sync] PR-41: backport CVE-2022-33063

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @yang_yanchao 
Signed-off-by: @yang_yanchao
This commit is contained in:
openeuler-ci-bot 2024-05-31 06:43:30 +00:00 committed by Gitee
commit 958adb4460
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
0001-mat4-mat5-fix-int-overflow-in-dataend-calculation.patch Normal file
View File

@ -0,0 +1,43 @@
From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001
From: Alex Stewart <alex.stewart@ni.com>
Date: Tue, 10 Oct 2023 16:10:34 -0400
Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation
The clang sanitizer warns of a possible signed integer overflow when
calculating the `dataend` value in `mat4_read_header()`.
```
src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in
src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in
```
Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of
`dataend` before performing the calculation, to avoid the issue.
CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/789
Fixes: https://github.com/libsndfile/libsndfile/issues/833
Signed-off-by: Alex Stewart <alex.stewart@ni.com>
---
src/mat4.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mat4.c b/src/mat4.c
index 0b1b414b..575683ba 100644
--- a/src/mat4.c
+++ b/src/mat4.c
@@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf)
psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ;
}
else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth)
- psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ;
+ psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ;
psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
--
2.33.0

6
libsndfile.spec
View File

@ -1,6 +1,6 @@
Name: libsndfile
Version: 1.0.31
Release: 3
Release: 4
Summary: Library for reading and writing sound files
License: LGPLv2+ and GPLv2+ and BSD
URL: http://libsndfile.github.io/libsndfile
@ -13,6 +13,7 @@ BuildRequires: opus-devel
Patch1: 0001-CVE-2021-3246.patch
Patch2: 0002-CVE-2021-4156.patch
Patch3: 0001-mat4-mat5-fix-int-overflow-in-dataend-calculation.patch
%description
Libsndfile is a C library for reading and writing files containing
@ -117,6 +118,9 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check
%{_mandir}/man1/sndfile-salvage.1*
%changelog
* Wed Nov 15 2023 EulerOSWander <314264452@qq.com> - 1.0.31-4
- libsndfile:fix CVE-2022-33065
* Mon Sep 11 2023 penghaitao <htpengc@isoftstone.com> - 1.0.31-3
- Add opus-devel to satisfy configure requirements check