Date: Saturday, August 12, 2017 @ 21:40:33
  Author: jgc
Revision: 301990

upgpkg: audiofile 0.3.6-4

Switch to HTTPS
Use SHA256
Fix https://security.archlinux.org/AVG-205 security issues using Debian 
patches. Also fixes CVE-2015-7747 which is not listed in the AVG ticket

Added:
  audiofile/trunk/01_gcc6.patch
  audiofile/trunk/03_CVE-2015-7747.patch
  audiofile/trunk/04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
  audiofile/trunk/05_Always-check-the-number-of-coefficients.patch
  
audiofile/trunk/06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
  audiofile/trunk/07_Check-for-multiplication-overflow-in-sfconvert.patch
  
audiofile/trunk/08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
  audiofile/trunk/09_Actually-fail-when-error-occurs-in-parseFormat.patch
  audiofile/trunk/10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
Modified:
  audiofile/trunk/PKGBUILD

-----------------------------------------------------------------+
 01_gcc6.patch                                                   |  102 ++++++
 03_CVE-2015-7747.patch                                          |  156 
++++++++++
 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch    |   33 ++
 05_Always-check-the-number-of-coefficients.patch                |   30 +
 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch |  116 +++++++
 07_Check-for-multiplication-overflow-in-sfconvert.patch         |   66 ++++
 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch |   35 ++
 09_Actually-fail-when-error-occurs-in-parseFormat.patch         |   36 ++
 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch       |   21 +
 PKGBUILD                                                        |   39 ++
 10 files changed, 630 insertions(+), 4 deletions(-)

Added: 01_gcc6.patch
===================================================================
--- 01_gcc6.patch                               (rev 0)
+++ 01_gcc6.patch       2017-08-12 21:40:33 UTC (rev 301990)
@@ -0,0 +1,102 @@
+Description: Fix FTBFS with GCC 6
+Author: Michael Schwendt <mschwe...@fedoraproject.org>
+Origin: vendor, https://github.com/mpruett/audiofile/pull/27
+Bug-Debian: https://bugs.debian.org/812055
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+
+--- a/libaudiofile/modules/SimpleModule.h
++++ b/libaudiofile/modules/SimpleModule.h
+@@ -123,7 +123,7 @@ struct signConverter
+       typedef typename IntTypes<Format>::UnsignedType UnsignedType;
+ 
+       static const int kScaleBits = (Format + 1) * CHAR_BIT - 1;
+-      static const int kMinSignedValue = -1 << kScaleBits;
++      static const int kMinSignedValue = 0-(1U<<kScaleBits);
+ 
+       struct signedToUnsigned : public std::unary_function<SignedType, 
UnsignedType>
+       {
+--- a/test/FloatToInt.cpp
++++ b/test/FloatToInt.cpp
+@@ -115,7 +115,7 @@ TEST_F(FloatToIntTest, Int16)
+               EXPECT_EQ(readData[i], expectedData[i]);
+ }
+ 
+-static const int32_t kMinInt24 = -1<<23;
++static const int32_t kMinInt24 = 0-(1U<<23);
+ static const int32_t kMaxInt24 = (1<<23) - 1;
+ 
+ TEST_F(FloatToIntTest, Int24)
+--- a/test/IntToFloat.cpp
++++ b/test/IntToFloat.cpp
+@@ -117,7 +117,7 @@ TEST_F(IntToFloatTest, Int16)
+               EXPECT_EQ(readData[i], expectedData[i]);
+ }
+ 
+-static const int32_t kMinInt24 = -1<<23;
++static const int32_t kMinInt24 = 0-(1U<<23);
+ static const int32_t kMaxInt24 = (1<<23) - 1;
+ 
+ TEST_F(IntToFloatTest, Int24)
+--- a/test/NeXT.cpp
++++ b/test/NeXT.cpp
+@@ -37,13 +37,13 @@
+ 
+ #include "TestUtilities.h"
+ 
+-const char kDataUnspecifiedLength[] =
++const signed char kDataUnspecifiedLength[] =
+ {
+       '.', 's', 'n', 'd',
+       0, 0, 0, 24, // offset of 24 bytes
+-      0xff, 0xff, 0xff, 0xff, // unspecified length
++      -1, -1, -1, -1, // unspecified length
+       0, 0, 0, 3, // 16-bit linear
+-      0, 0, 172, 68, // 44100 Hz
++      0, 0, -84, 68, // 44100 Hz (0xAC44)
+       0, 0, 0, 1, // 1 channel
+       0, 1,
+       0, 1,
+@@ -57,13 +57,13 @@ const char kDataUnspecifiedLength[] =
+       0, 55
+ };
+ 
+-const char kDataTruncated[] =
++const signed char kDataTruncated[] =
+ {
+       '.', 's', 'n', 'd',
+       0, 0, 0, 24, // offset of 24 bytes
+       0, 0, 0, 20, // length of 20 bytes
+       0, 0, 0, 3, // 16-bit linear
+-      0, 0, 172, 68, // 44100 Hz
++      0, 0, -84, 68, // 44100 Hz (0xAC44)
+       0, 0, 0, 1, // 1 channel
+       0, 1,
+       0, 1,
+@@ -152,13 +152,13 @@ TEST(NeXT, Truncated)
+       ASSERT_EQ(::unlink(testFileName.c_str()), 0);
+ }
+ 
+-const char kDataZeroChannels[] =
++const signed char kDataZeroChannels[] =
+ {
+       '.', 's', 'n', 'd',
+       0, 0, 0, 24, // offset of 24 bytes
+       0, 0, 0, 2, // 2 bytes
+       0, 0, 0, 3, // 16-bit linear
+-      0, 0, 172, 68, // 44100 Hz
++      0, 0, -84, 68, // 44100 Hz (0xAC44)
+       0, 0, 0, 0, // 0 channels
+       0, 1
+ };
+--- a/test/Sign.cpp
++++ b/test/Sign.cpp
+@@ -116,7 +116,7 @@ TEST_F(SignConversionTest, Int16)
+               EXPECT_EQ(readData[i], expectedData[i]);
+ }
+ 
+-static const int32_t kMinInt24 = -1<<23;
++static const int32_t kMinInt24 = 0-(1U<<23);
+ static const int32_t kMaxInt24 = (1<<23) - 1;
+ static const uint32_t kMaxUInt24 = (1<<24) - 1;
+ 

Added: 03_CVE-2015-7747.patch
===================================================================
--- 03_CVE-2015-7747.patch                              (rev 0)
+++ 03_CVE-2015-7747.patch      2017-08-12 21:40:33 UTC (rev 301990)
@@ -0,0 +1,156 @@
+Description: fix buffer overflow when changing both sample format and
+ number of channels
+Origin: https://github.com/mpruett/audiofile/pull/25
+Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/audiofile/+bug/1502721
+Bug-Debian: https://bugs.debian.org/801102
+
+--- a/libaudiofile/modules/ModuleState.cpp
++++ b/libaudiofile/modules/ModuleState.cpp
+@@ -402,7 +402,7 @@ status ModuleState::arrange(AFfilehandle
+               addModule(new Transform(outfc, in.pcm, out.pcm));
+ 
+       if (in.channelCount != out.channelCount)
+-              addModule(new ApplyChannelMatrix(infc, isReading,
++              addModule(new ApplyChannelMatrix(outfc, isReading,
+                       in.channelCount, out.channelCount,
+                       in.pcm.minClip, in.pcm.maxClip,
+                       track->channelMatrix));
+--- a/test/Makefile.am
++++ b/test/Makefile.am
+@@ -26,6 +26,7 @@ TESTS = \
+       VirtualFile \
+       floatto24 \
+       query2 \
++      sixteen-stereo-to-eight-mono \
+       sixteen-to-eight \
+       testchannelmatrix \
+       testdouble \
+@@ -139,6 +140,7 @@ printmarkers_SOURCES = printmarkers.c
+ printmarkers_LDADD = $(LIBAUDIOFILE) -lm
+ 
+ sixteen_to_eight_SOURCES = sixteen-to-eight.c TestUtilities.cpp 
TestUtilities.h
++sixteen_stereo_to_eight_mono_SOURCES = sixteen-stereo-to-eight-mono.c 
TestUtilities.cpp TestUtilities.h
+ 
+ testchannelmatrix_SOURCES = testchannelmatrix.c TestUtilities.cpp 
TestUtilities.h
+ 
+--- /dev/null
++++ b/test/sixteen-stereo-to-eight-mono.c
+@@ -0,0 +1,118 @@
++/*
++      Audio File Library
++
++      Copyright 2000, Silicon Graphics, Inc.
++
++      This program is free software; you can redistribute it and/or modify
++      it under the terms of the GNU General Public License as published by
++      the Free Software Foundation; either version 2 of the License, or
++      (at your option) any later version.
++
++      This program is distributed in the hope that it will be useful,
++      but WITHOUT ANY WARRANTY; without even the implied warranty of
++      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++      GNU General Public License for more details.
++
++      You should have received a copy of the GNU General Public License along
++      with this program; if not, write to the Free Software Foundation, Inc.,
++      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++*/
++
++/*
++      sixteen-stereo-to-eight-mono.c
++
++      This program tests the conversion from 2-channel 16-bit integers to
++      1-channel 8-bit integers.
++*/
++
++#ifdef HAVE_CONFIG_H
++#include <config.h>
++#endif
++
++#include <stdint.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <limits.h>
++
++#include <audiofile.h>
++
++#include "TestUtilities.h"
++
++int main (int argc, char **argv)
++{
++      AFfilehandle file;
++      AFfilesetup setup;
++      int16_t frames16[] = {14298, 392, 3923, -683, 958, -1921};
++      int8_t frames8[] = {28, 6, -2};
++      int i, frameCount = 3;
++      int8_t byte;
++      AFframecount result;
++
++      setup = afNewFileSetup();
++
++      afInitFileFormat(setup, AF_FILE_WAVE);
++
++      afInitSampleFormat(setup, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 16);
++      afInitChannels(setup, AF_DEFAULT_TRACK, 2);
++
++      char *testFileName;
++      if (!createTemporaryFile("sixteen-to-eight", &testFileName))
++      {
++              fprintf(stderr, "Could not create temporary file.\n");
++              exit(EXIT_FAILURE);
++      }
++
++      file = afOpenFile(testFileName, "w", setup);
++      if (file == AF_NULL_FILEHANDLE)
++      {
++              fprintf(stderr, "could not open file for writing\n");
++              exit(EXIT_FAILURE);
++      }
++
++      afFreeFileSetup(setup);
++
++      afWriteFrames(file, AF_DEFAULT_TRACK, frames16, frameCount);
++
++      afCloseFile(file);
++
++      file = afOpenFile(testFileName, "r", AF_NULL_FILESETUP);
++      if (file == AF_NULL_FILEHANDLE)
++      {
++              fprintf(stderr, "could not open file for reading\n");
++              exit(EXIT_FAILURE);
++      }
++
++      afSetVirtualSampleFormat(file, AF_DEFAULT_TRACK, AF_SAMPFMT_TWOSCOMP, 
8);
++      afSetVirtualChannels(file, AF_DEFAULT_TRACK, 1);
++
++      for (i=0; i<frameCount; i++)
++      {
++              /* Read one frame. */
++              result = afReadFrames(file, AF_DEFAULT_TRACK, &byte, 1);
++
++              if (result != 1)
++                      break;
++
++              /* Compare the byte read with its precalculated value. */
++              if (memcmp(&byte, &frames8[i], 1) != 0)
++              {
++                      printf("error\n");
++                      printf("expected %d, got %d\n", frames8[i], byte);
++                      exit(EXIT_FAILURE);
++              }
++              else
++              {
++#ifdef DEBUG
++                      printf("got what was expected: %d\n", byte);
++#endif
++              }
++      }
++
++      afCloseFile(file);
++      unlink(testFileName);
++      free(testFileName);
++
++      exit(EXIT_SUCCESS);
++}

Added: 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
===================================================================
--- 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch                
                (rev 0)
+++ 04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch        
2017-08-12 21:40:33 UTC (rev 301990)
@@ -0,0 +1,33 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Mon, 6 Mar 2017 18:02:31 +0100
+Subject: clamp index values to fix index overflow in IMA.cpp
+
+This fixes #33
+(also reported at https://bugzilla.opensuse.org/show_bug.cgi?id=1026981
+and 
https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/)
+---
+ libaudiofile/modules/IMA.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libaudiofile/modules/IMA.cpp b/libaudiofile/modules/IMA.cpp
+index 7476d44..df4aad6 100644
+--- a/libaudiofile/modules/IMA.cpp
++++ b/libaudiofile/modules/IMA.cpp
+@@ -169,7 +169,7 @@ int IMA::decodeBlockWAVE(const uint8_t *encoded, int16_t 
*decoded)
+               if (encoded[1] & 0x80)
+                       m_adpcmState[c].previousValue -= 0x10000;
+ 
+-              m_adpcmState[c].index = encoded[2];
++              m_adpcmState[c].index = clamp(encoded[2], 0, 88);
+ 
+               *decoded++ = m_adpcmState[c].previousValue;
+ 
+@@ -210,7 +210,7 @@ int IMA::decodeBlockQT(const uint8_t *encoded, int16_t 
*decoded)
+                       predictor -= 0x10000;
+ 
+               state.previousValue = clamp(predictor, MIN_INT16, MAX_INT16);
+-              state.index = encoded[1] & 0x7f;
++              state.index = clamp(encoded[1] & 0x7f, 0, 88);
+               encoded += 2;
+ 
+               for (int n=0; n<m_framesPerPacket; n+=2)

Added: 05_Always-check-the-number-of-coefficients.patch
===================================================================
--- 05_Always-check-the-number-of-coefficients.patch                            
(rev 0)
+++ 05_Always-check-the-number-of-coefficients.patch    2017-08-12 21:40:33 UTC 
(rev 301990)
@@ -0,0 +1,30 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Mon, 6 Mar 2017 12:51:22 +0100
+Subject: Always check the number of coefficients
+
+When building the library with NDEBUG, asserts are eliminated
+so it's better to always check that the number of coefficients
+is inside the array range.
+
+This fixes the 00191-audiofile-indexoob issue in #41
+---
+ libaudiofile/WAVE.cpp | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 9dd8511..0fc48e8 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -281,6 +281,12 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+ 
+                       /* numCoefficients should be at least 7. */
+                       assert(numCoefficients >= 7 && numCoefficients <= 255);
++                      if (numCoefficients < 7 || numCoefficients > 255)
++                      {
++                              _af_error(AF_BAD_HEADER,
++                                              "Bad number of coefficients");
++                              return AF_FAIL;
++                      }
+ 
+                       m_msadpcmNumCoefficients = numCoefficients;
+ 

Added: 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
===================================================================
--- 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch             
                (rev 0)
+++ 06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch     
2017-08-12 21:40:33 UTC (rev 301990)
@@ -0,0 +1,116 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Mon, 6 Mar 2017 13:43:53 +0100
+Subject: Check for multiplication overflow in MSADPCM decodeSample
+
+Check for multiplication overflow (using __builtin_mul_overflow
+if available) in MSADPCM.cpp decodeSample and return an empty
+decoded block if an error occurs.
+
+This fixes the 00193-audiofile-signintoverflow-MSADPCM case of #41
+---
+ libaudiofile/modules/BlockCodec.cpp |  5 ++--
+ libaudiofile/modules/MSADPCM.cpp    | 47 +++++++++++++++++++++++++++++++++----
+ 2 files changed, 46 insertions(+), 6 deletions(-)
+
+diff --git a/libaudiofile/modules/BlockCodec.cpp 
b/libaudiofile/modules/BlockCodec.cpp
+index 45925e8..4731be1 100644
+--- a/libaudiofile/modules/BlockCodec.cpp
++++ b/libaudiofile/modules/BlockCodec.cpp
+@@ -52,8 +52,9 @@ void BlockCodec::runPull()
+       // Decompress into m_outChunk.
+       for (int i=0; i<blocksRead; i++)
+       {
+-              decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) + i 
* m_bytesPerPacket,
+-                      static_cast<int16_t *>(m_outChunk->buffer) + i * 
m_framesPerPacket * m_track->f.channelCount);
++              if (decodeBlock(static_cast<const uint8_t *>(m_inChunk->buffer) 
+ i * m_bytesPerPacket,
++                      static_cast<int16_t *>(m_outChunk->buffer) + i * 
m_framesPerPacket * m_track->f.channelCount)==0)
++                      break;
+ 
+               framesRead += m_framesPerPacket;
+       }
+diff --git a/libaudiofile/modules/MSADPCM.cpp 
b/libaudiofile/modules/MSADPCM.cpp
+index 8ea3c85..ef9c38c 100644
+--- a/libaudiofile/modules/MSADPCM.cpp
++++ b/libaudiofile/modules/MSADPCM.cpp
+@@ -101,24 +101,60 @@ static const int16_t adaptationTable[] =
+       768, 614, 512, 409, 307, 230, 230, 230
+ };
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++int multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && 
__has_builtin(__builtin_mul_overflow))
++      return __builtin_mul_overflow(a, b, result);
++#else
++      if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 
32 bits
++              return true;
++      *result = a * b;
++      return false;
++#endif
++}
++
++
+ // Compute a linear PCM value from the given differential coded value.
+ static int16_t decodeSample(ms_adpcm_state &state,
+-      uint8_t code, const int16_t *coefficient)
++      uint8_t code, const int16_t *coefficient, bool *ok=NULL)
+ {
+       int linearSample = (state.sample1 * coefficient[0] +
+               state.sample2 * coefficient[1]) >> 8;
++      int delta;
+ 
+       linearSample += ((code & 0x08) ? (code - 0x10) : code) * state.delta;
+ 
+       linearSample = clamp(linearSample, MIN_INT16, MAX_INT16);
+ 
+-      int delta = (state.delta * adaptationTable[code]) >> 8;
++      if (multiplyCheckOverflow(state.delta, adaptationTable[code], &delta))
++      {
++                if (ok) *ok=false;
++              _af_error(AF_BAD_COMPRESSION, "Error decoding sample");
++              return 0;
++      }
++      delta >>= 8;
+       if (delta < 16)
+               delta = 16;
+ 
+       state.delta = delta;
+       state.sample2 = state.sample1;
+       state.sample1 = linearSample;
++      if (ok) *ok=true;
+ 
+       return static_cast<int16_t>(linearSample);
+ }
+@@ -212,13 +248,16 @@ int MSADPCM::decodeBlock(const uint8_t *encoded, int16_t 
*decoded)
+       {
+               uint8_t code;
+               int16_t newSample;
++              bool ok;
+ 
+               code = *encoded >> 4;
+-              newSample = decodeSample(*state[0], code, coefficient[0]);
++              newSample = decodeSample(*state[0], code, coefficient[0], &ok);
++              if (!ok) return 0;
+               *decoded++ = newSample;
+ 
+               code = *encoded & 0x0f;
+-              newSample = decodeSample(*state[1], code, coefficient[1]);
++              newSample = decodeSample(*state[1], code, coefficient[1], &ok);
++              if (!ok) return 0;
+               *decoded++ = newSample;
+ 
+               encoded++;

Added: 07_Check-for-multiplication-overflow-in-sfconvert.patch
===================================================================
--- 07_Check-for-multiplication-overflow-in-sfconvert.patch                     
        (rev 0)
+++ 07_Check-for-multiplication-overflow-in-sfconvert.patch     2017-08-12 
21:40:33 UTC (rev 301990)
@@ -0,0 +1,66 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Mon, 6 Mar 2017 13:54:52 +0100
+Subject: Check for multiplication overflow in sfconvert
+
+Checks that a multiplication doesn't overflow when
+calculating the buffer size, and if it overflows,
+reduce the buffer size instead of failing.
+
+This fixes the 00192-audiofile-signintoverflow-sfconvert case
+in #41
+---
+ sfcommands/sfconvert.c | 34 ++++++++++++++++++++++++++++++++--
+ 1 file changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c
+index 80a1bc4..970a3e4 100644
+--- a/sfcommands/sfconvert.c
++++ b/sfcommands/sfconvert.c
+@@ -45,6 +45,33 @@ void printusage (void);
+ void usageerror (void);
+ bool copyaudiodata (AFfilehandle infile, AFfilehandle outfile, int trackid);
+ 
++int firstBitSet(int x)
++{
++        int position=0;
++        while (x!=0)
++        {
++                x>>=1;
++                ++position;
++        }
++        return position;
++}
++
++#ifndef __has_builtin
++#define __has_builtin(x) 0
++#endif
++
++int multiplyCheckOverflow(int a, int b, int *result)
++{
++#if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && 
__has_builtin(__builtin_mul_overflow))
++      return __builtin_mul_overflow(a, b, result);
++#else
++      if (firstBitSet(a)+firstBitSet(b)>31) // int is signed, so we can't use 
32 bits
++              return true;
++      *result = a * b;
++      return false;
++#endif
++}
++
+ int main (int argc, char **argv)
+ {
+       if (argc == 2)
+@@ -323,8 +350,11 @@ bool copyaudiodata (AFfilehandle infile, AFfilehandle 
outfile, int trackid)
+ {
+       int frameSize = afGetVirtualFrameSize(infile, trackid, 1);
+ 
+-      const int kBufferFrameCount = 65536;
+-      void *buffer = malloc(kBufferFrameCount * frameSize);
++      int kBufferFrameCount = 65536;
++      int bufferSize;
++      while (multiplyCheckOverflow(kBufferFrameCount, frameSize, &bufferSize))
++              kBufferFrameCount /= 2;
++      void *buffer = malloc(bufferSize);
+ 
+       AFframecount totalFrames = afGetFrameCount(infile, AF_DEFAULT_TRACK);
+       AFframecount totalFramesWritten = 0;

Added: 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
===================================================================
--- 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch             
                (rev 0)
+++ 08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch     
2017-08-12 21:40:33 UTC (rev 301990)
@@ -0,0 +1,35 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Fri, 10 Mar 2017 15:40:02 +0100
+Subject: Fix signature of multiplyCheckOverflow. It returns a bool, not an int
+
+---
+ libaudiofile/modules/MSADPCM.cpp | 2 +-
+ sfcommands/sfconvert.c           | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libaudiofile/modules/MSADPCM.cpp 
b/libaudiofile/modules/MSADPCM.cpp
+index ef9c38c..d8c9553 100644
+--- a/libaudiofile/modules/MSADPCM.cpp
++++ b/libaudiofile/modules/MSADPCM.cpp
+@@ -116,7 +116,7 @@ int firstBitSet(int x)
+ #define __has_builtin(x) 0
+ #endif
+ 
+-int multiplyCheckOverflow(int a, int b, int *result)
++bool multiplyCheckOverflow(int a, int b, int *result)
+ {
+ #if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && 
__has_builtin(__builtin_mul_overflow))
+       return __builtin_mul_overflow(a, b, result);
+diff --git a/sfcommands/sfconvert.c b/sfcommands/sfconvert.c
+index 970a3e4..367f7a5 100644
+--- a/sfcommands/sfconvert.c
++++ b/sfcommands/sfconvert.c
+@@ -60,7 +60,7 @@ int firstBitSet(int x)
+ #define __has_builtin(x) 0
+ #endif
+ 
+-int multiplyCheckOverflow(int a, int b, int *result)
++bool multiplyCheckOverflow(int a, int b, int *result)
+ {
+ #if (defined __GNUC__ && __GNUC__ >= 5) || ( __clang__ && 
__has_builtin(__builtin_mul_overflow))
+       return __builtin_mul_overflow(a, b, result);

Added: 09_Actually-fail-when-error-occurs-in-parseFormat.patch
===================================================================
--- 09_Actually-fail-when-error-occurs-in-parseFormat.patch                     
        (rev 0)
+++ 09_Actually-fail-when-error-occurs-in-parseFormat.patch     2017-08-12 
21:40:33 UTC (rev 301990)
@@ -0,0 +1,36 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Mon, 6 Mar 2017 18:59:26 +0100
+Subject: Actually fail when error occurs in parseFormat
+
+When there's an unsupported number of bits per sample or an invalid
+number of samples per block, don't only print an error message using
+the error handler, but actually stop parsing the file.
+
+This fixes #35 (also reported at
+https://bugzilla.opensuse.org/show_bug.cgi?id=1026983 and
+https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/
+)
+---
+ libaudiofile/WAVE.cpp | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/libaudiofile/WAVE.cpp b/libaudiofile/WAVE.cpp
+index 0fc48e8..d04b796 100644
+--- a/libaudiofile/WAVE.cpp
++++ b/libaudiofile/WAVE.cpp
+@@ -332,6 +332,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+                       {
+                               _af_error(AF_BAD_NOT_IMPLEMENTED,
+                                       "IMA ADPCM compression supports only 4 
bits per sample");
++                              return AF_FAIL;
+                       }
+ 
+                       int bytesPerBlock = (samplesPerBlock + 14) / 8 * 4 * 
channelCount;
+@@ -339,6 +340,7 @@ status WAVEFile::parseFormat(const Tag &id, uint32_t size)
+                       {
+                               _af_error(AF_BAD_CODEC_CONFIG,
+                                       "Invalid samples per block for IMA 
ADPCM compression");
++                              return AF_FAIL;
+                       }
+ 
+                       track->f.sampleWidth = 16;

Added: 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
===================================================================
--- 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch                   
        (rev 0)
+++ 10_Check-for-division-by-zero-in-BlockCodec-runPull.patch   2017-08-12 
21:40:33 UTC (rev 301990)
@@ -0,0 +1,21 @@
+From: Antonio Larrosa <larr...@kde.org>
+Date: Thu, 9 Mar 2017 10:21:18 +0100
+Subject: Check for division by zero in BlockCodec::runPull
+
+---
+ libaudiofile/modules/BlockCodec.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libaudiofile/modules/BlockCodec.cpp 
b/libaudiofile/modules/BlockCodec.cpp
+index 4731be1..eb2fb4d 100644
+--- a/libaudiofile/modules/BlockCodec.cpp
++++ b/libaudiofile/modules/BlockCodec.cpp
+@@ -47,7 +47,7 @@ void BlockCodec::runPull()
+ 
+       // Read the compressed data.
+       ssize_t bytesRead = read(m_inChunk->buffer, m_bytesPerPacket * 
blockCount);
+-      int blocksRead = bytesRead >= 0 ? bytesRead / m_bytesPerPacket : 0;
++      int blocksRead = (bytesRead >= 0 && m_bytesPerPacket > 0) ? bytesRead / 
m_bytesPerPacket : 0;
+ 
+       // Decompress into m_outChunk.
+       for (int i=0; i<blocksRead; i++)

Modified: PKGBUILD
===================================================================
--- PKGBUILD    2017-08-12 21:22:45 UTC (rev 301989)
+++ PKGBUILD    2017-08-12 21:40:33 UTC (rev 301990)
@@ -4,15 +4,46 @@
 
 pkgname=audiofile
 pkgver=0.3.6
-pkgrel=3
+pkgrel=4
 pkgdesc="Silicon Graphics Audio File Library"
 arch=('i686' 'x86_64')
-url="http://www.68k.org/~michael/audiofile/";
+url="https://audiofile.68k.org/";
 license=('LGPL')
 depends=('gcc-libs' 'alsa-lib' 'flac')
-source=("http://audiofile.68k.org/$pkgname-$pkgver.tar.gz";)
-md5sums=('2731d79bec0acef3d30d2fc86b0b72fd')
+source=("https://audiofile.68k.org/$pkgname-$pkgver.tar.gz";
+        01_gcc6.patch
+        03_CVE-2015-7747.patch
+        04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
+        05_Always-check-the-number-of-coefficients.patch
+        06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
+        07_Check-for-multiplication-overflow-in-sfconvert.patch
+        08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
+        09_Actually-fail-when-error-occurs-in-parseFormat.patch
+        10_Check-for-division-by-zero-in-BlockCodec-runPull.patch)
+sha256sums=('cdc60df19ab08bfe55344395739bb08f50fc15c92da3962fac334d3bff116965'
+            'a1904603c0292e76530f635dfc1828fb4e0d9d13555581cad33c0200640f7a27'
+            'bcfc180708d089b5abe0ae1439809b5a4306a08917b0212c3d135e5ec56711f2'
+            '540c517828d5573ba7bc3fd9b3811f39f4ea0132011d348d22bdfc545e865a8e'
+            '1b55abeb867d66b7d3b7c34585e77e6d3656c6317b582c99f3280d37523c7718'
+            '7a464eb7521ae8deb67516309bb396caa93135dc62fbad7351e67923b1766423'
+            '2ed5cc3b57394ea33ad466ca9844b766e4cb91dd7b1e2b71deaf15cf881dbf51'
+            '257f157cf2cc8947e0f5be4bff2c4afddbe73643e9e39a83171dbea02f5d52f4'
+            '48deaaa07bfade35208edb9e22b4fe78f91470012414ddb26cd68f684c95e33d'
+            'f31d51ebd8f8e0bd076cd1bce34b210c4dbbd959ca9b87693ad86a6399c492a3')
 
+prepare() {
+  cd $pkgname-$pkgver
+  patch -Np1 -i ../01_gcc6.patch
+  patch -Np1 -i ../03_CVE-2015-7747.patch
+  patch -Np1 -i ../04_clamp-index-values-to-fix-index-overflow-in-IMA.cpp.patch
+  patch -Np1 -i ../05_Always-check-the-number-of-coefficients.patch
+  patch -Np1 -i 
../06_Check-for-multiplication-overflow-in-MSADPCM-decodeSam.patch
+  patch -Np1 -i ../07_Check-for-multiplication-overflow-in-sfconvert.patch
+  patch -Np1 -i 
../08_Fix-signature-of-multiplyCheckOverflow.-It-returns-a-b.patch
+  patch -Np1 -i ../09_Actually-fail-when-error-occurs-in-parseFormat.patch
+  patch -Np1 -i ../10_Check-for-division-by-zero-in-BlockCodec-runPull.patch
+}
+
 build() {
   cd "$srcdir/$pkgname-$pkgver"
 

Reply via email to