diff --git a/fix-memory-leak-on-opening-corrupted-files.patch b/fix-memory-leak-on-opening-corrupted-files.patch new file mode 100644 index 0000000..2f95ee2 --- /dev/null +++ b/fix-memory-leak-on-opening-corrupted-files.patch @@ -0,0 +1,21 @@ +commit cba2f967ebcc7e15d0f33e4219a1e04e2a6fc41e +Author: David Bryant +Date: Sun Dec 8 12:06:19 2019 -0800 + + fix possible memory leak on opening corrupted files + +diff --git a/src/open_utils.c b/src/open_utils.c +index 170c6eb..dfb7cf6 100644 +--- a/src/open_utils.c ++++ b/src/open_utils.c +@@ -177,6 +177,11 @@ WavpackContext *WavpackOpenFileInputEx64 (WavpackStreamReader64 *reader, void *w + return WavpackCloseFile (wpc); + } + ++ if (!wps->wphdr.block_samples) { // free blockbuff if we're going to loop again ++ free (wps->blockbuff); ++ wps->blockbuff = NULL; ++ } ++ + wps->init_done = TRUE; + } diff --git a/wavpack.spec b/wavpack.spec index 49521cc..fc285b0 100644 --- a/wavpack.spec +++ b/wavpack.spec @@ -1,6 +1,6 @@ Name: wavpack Version: 5.1.0 -Release: 11 +Release: 12 Summary: Hybrid Lossless Wavefile Compressor License: BSD Url: http://www.wavpack.com/ @@ -14,6 +14,7 @@ Patch0004: wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunk Patch0005: wavpack-CVE-2019-11498.patch # make sure sample rate is specified and non-zero in DFF files Patch0006: CVE-2018-19841.patch +Patch0007: fix-memory-leak-on-opening-corrupted-files.patch Patch6000: CVE-2018-19840.patch BuildRequires: autoconf automake libtool @@ -72,6 +73,12 @@ autoreconf -ivf %{_mandir}/man1/*.1* %changelog +* Sat May 14 2020 lutianxiong - 5.1.0-12 +- Type:bugfix +- ID:NA +- SUG:NA +- Fix memory leak on opening corrupted files + * Sat Mar 14 2020 wangzhishun - 5.1.0-11 - Make sure sample rate is specified and non-zero in DFF files - Fix potential out-of-bounds heap read