[libsndfile/el5] we need some dependencies for prev. patch

Michal Hlavinka mhlavink at fedoraproject.org
Thu Jul 14 13:38:57 UTC 2011 

commit beddd35e08e62c9007cec3ff39a1a81cdc02547d
Author: Michal Hlavinka <mhlavink at redhat.com>
Date:   Thu Jul 14 15:38:39 2011 +0200

    we need some dependencies for prev. patch

 libsndfile-1.0.17-r1305,1610.patch |   91 ++++++++++++++++++++++++++++++++++++
 libsndfile-1.0.17-r1610.patch      |   56 ----------------------
 libsndfile.spec                    |    2 +-
 3 files changed, 92 insertions(+), 57 deletions(-)
---
diff --git a/libsndfile-1.0.17-r1305,1610.patch b/libsndfile-1.0.17-r1305,1610.patch
new file mode 100644
index 0000000..ec7015e
--- /dev/null
+++ b/libsndfile-1.0.17-r1305,1610.patch
@@ -0,0 +1,91 @@
+diff -U0 libsndfile-1.0.17/ChangeLog.r1610 libsndfile-1.0.17/ChangeLog
+--- libsndfile-1.0.17/ChangeLog.r1610	2006-08-31 11:39:36.000000000 +0200
++++ libsndfile-1.0.17/ChangeLog	2011-07-14 15:20:10.566469047 +0200
+@@ -0,0 +1,11 @@
++2011-07-05  Erik de Castro Lopo  <erikd AT mega-nerd DOT com>
++
++    * src/paf.c src/common.h src/sndfile.c
++    Fix for Secunia Advisory SA45125, heap overflow (heap gets overwritten with
++    byte value of 0) due to integer overflow if PAF file handler.
++
++2009-03-15  Erik de Castro Lopo  <erikd AT mega-nerd DOT com>
++
++    * src/common.h src/caf.c src/sndfile.c
++    Add SF_MAX_CHANNELS (set to 256) and use it.
++
+diff -up libsndfile-1.0.17/src/caf.c.r1610 libsndfile-1.0.17/src/caf.c
+--- libsndfile-1.0.17/src/caf.c.r1610	2011-07-14 15:20:10.550468873 +0200
++++ libsndfile-1.0.17/src/caf.c	2011-07-14 15:20:10.567469058 +0200
+@@ -282,7 +282,7 @@ caf_read_header (SF_PRIVATE *psf)
+ 			"  Frames / packet  : %u\n  Channels / frame : %u\n  Bits / channel   : %u\n",
+ 			desc.fmt_id, desc.fmt_flags, desc.pkt_bytes, desc.pkt_frames, desc.channels_per_frame, desc.bits_per_chan) ;
+ 
+-	if (desc.channels_per_frame > 200)
++	if (desc.channels_per_frame > SF_MAX_CHANNELS)
+ 	{       psf_log_printf (psf, "**** Bad channels per frame value %u.\n", desc.channels_per_frame) ;
+ 		return SFE_MALFORMED_FILE ;
+ 		} ;
+diff -up libsndfile-1.0.17/src/common.h.r1610 libsndfile-1.0.17/src/common.h
+--- libsndfile-1.0.17/src/common.h.r1610	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/common.h	2011-07-14 15:20:10.568469068 +0200
+@@ -75,6 +75,8 @@
+ #define		SF_MAX(a,b)		((a) > (b) ? (a) : (b))
+ #define		SF_MIN(a,b)		((a) < (b) ? (a) : (b))
+ 
++#define		SF_MAX_CHANNELS	256
++
+ enum
+ {	/* PEAK chunk location. */
+ 	SF_PEAK_START		= 42,
+@@ -454,6 +456,7 @@ enum
+ 	SFE_PAF_VERSION,
+ 	SFE_PAF_UNKNOWN_FORMAT,
+ 	SFE_PAF_SHORT_HEADER,
++	SFE_PAF_BAD_CHANNELS,
+ 
+ 	SFE_SVX_NO_FORM,
+ 	SFE_SVX_NO_BODY,
+diff -up libsndfile-1.0.17/src/paf.c.r1610 libsndfile-1.0.17/src/paf.c
+--- libsndfile-1.0.17/src/paf.c.r1610	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/paf.c	2011-07-14 15:20:10.559468971 +0200
+@@ -163,6 +163,9 @@ paf_read_header	(SF_PRIVATE *psf)
+ {	PAF_FMT		paf_fmt ;
+ 	int			marker ;
+ 
++	if (psf->filelength < PAF_HEADER_LENGTH)
++		return SFE_PAF_SHORT_HEADER ;
++
+ 	memset (&paf_fmt, 0, sizeof (paf_fmt)) ;
+ 	psf_binheader_readf (psf, "pm", 0, &marker) ;
+ 
+@@ -199,8 +202,8 @@ paf_read_header	(SF_PRIVATE *psf)
+ 		psf->endian = SF_ENDIAN_BIG ;
+ 		} ;
+ 
+-	if (psf->filelength < PAF_HEADER_LENGTH)
+-		return SFE_PAF_SHORT_HEADER ;
++	if (paf_fmt.channels > SF_MAX_CHANNELS)
++		return SFE_PAF_BAD_CHANNELS ;
+ 
+ 	psf->datalength = psf->filelength - psf->dataoffset ;
+ 
+diff -up libsndfile-1.0.17/src/sndfile.c.r1610 libsndfile-1.0.17/src/sndfile.c
+--- libsndfile-1.0.17/src/sndfile.c.r1610	2006-08-31 11:22:07.000000000 +0200
++++ libsndfile-1.0.17/src/sndfile.c	2011-07-14 15:20:10.571469100 +0200
+@@ -146,6 +146,7 @@ ErrorStruct SndfileErrors [] =
+ 	{	SFE_PAF_VERSION			, "Error in PAF file, bad version." },
+ 	{	SFE_PAF_UNKNOWN_FORMAT	, "Error in PAF file, unknown format." },
+ 	{	SFE_PAF_SHORT_HEADER	, "Error in PAF file. File shorter than minimal header." },
++	{	SFE_PAF_BAD_CHANNELS	, "Error in PAF file. Bad channel count." },
+ 
+ 	{	SFE_SVX_NO_FORM			, "Error in 8SVX / 16SV file, no 'FORM' marker." },
+ 	{	SFE_SVX_NO_BODY			, "Error in 8SVX / 16SV file, no 'BODY' marker." },
+@@ -560,7 +561,7 @@ sf_format_check	(const SF_INFO *info)
+ 	** Return 0 on failure, 1 ons success.
+ 	*/
+ 
+-	if (info->channels < 1 || info->channels > 256)
++	if (info->channels < 1 || info->channels > SF_MAX_CHANNELS)
+ 		return 0 ;
+ 
+ 	if (info->samplerate < 0)
diff --git a/libsndfile.spec b/libsndfile.spec
index 57f3093..64c1762 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -17,7 +17,7 @@ Patch2:		libsndfile-1.0.17-channels-per-frame-overflow.patch
 Patch3:		voc-aiff-patch-1.0.17.diff
 
 #from upstream, for libsndfile < 1.0.25, crash by overflow with some PAF files (#721239)
-Patch4:         libsndfile-1.0.17-r1610.patch
+Patch4:         libsndfile-1.0.17-r1305,1610.patch
 
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-buildroot-%(%{__id_u} -n)

More information about the scm-commits mailing list