|
- Description: fixed yet another buffer read overflow in FLAC code
- CVE-2017-8362
- Author: Erik de Castro Lopo
- Origin: upstream
- Applied-Upstream: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
- Last-Update: 2017-05-28
- ---
- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
- --- libsndfile.orig/src/flac.c
- +++ libsndfile/src/flac.c
- @@ -169,6 +169,14 @@
- const int32_t* const *buffer = pflac->wbuffer ;
- unsigned i = 0, j, offset, channels, len ;
-
- + if (psf->sf.channels != (int) frame->header.channels)
- + { psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
- + "Nothing to do but to error out.\n" ,
- + psf->sf.channels, frame->header.channels) ;
- + psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
- + return 0 ;
- + } ;
- +
- /*
- ** frame->header.blocksize is variable and we're using a constant blocksize
- ** of FLAC__MAX_BLOCK_SIZE.
- @@ -202,7 +210,6 @@
- return 0 ;
- } ;
-
- -
- len = SF_MIN (pflac->len, frame->header.blocksize) ;
-
- if (pflac->remain % channels != 0)
- @@ -436,7 +443,7 @@
- { case FLAC__METADATA_TYPE_STREAMINFO :
- if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
- { psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
- - "Nothing to be but to error out.\n" ,
- + "Nothing to do but to error out.\n" ,
- psf->sf.channels, metadata->data.stream_info.channels) ;
- psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
- return ;
|
