Hello community,

here is the log from the commit of package libsndfile for openSUSE:Factory checked in at 2021-07-26 17:37:56
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsndfile (Old)
 and /work/SRC/openSUSE:Factory/.libsndfile.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile" Mon Jul 26 17:37:56 2021 rev:60 rq:907974 version:1.0.31 Changes: -------- --- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes 2021-03-21 23:19:14.664716044 +0100 +++ /work/SRC/openSUSE:Factory/.libsndfile.new.1899/libsndfile.changes 2021-07-26 17:38:05.386094594 +0200 @@ -1,0 +2,7 @@ +Fri Jul 23 12:59:11 CEST 2021 - ti...@suse.de + +- Fix heap buffer overflow vulnerability in msadpcm_decode_block + (CVE-2021-3246, bsc#1188540): + ms_adpcm-Fix-and-extend-size-checks.patch + +------------------------------------------------------------------- New: ---- ms_adpcm-Fix-and-extend-size-checks.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsndfile.spec ++++++ --- /var/tmp/diff_new_pack.URHAe2/_old 2021-07-26 17:38:08.234091171 +0200 +++ /var/tmp/diff_new_pack.URHAe2/_new 2021-07-26 17:38:08.238091166 +0200 @@ -29,6 +29,7 @@ Source2: %{name}.keyring Source3: baselibs.conf Patch34: sndfile-deinterlace-channels-check.patch +Patch35: ms_adpcm-Fix-and-extend-size-checks.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: cmake ++++++ ms_adpcm-Fix-and-extend-size-checks.patch ++++++ >From deb669ee8be55a94565f6f8a6b60890c2e7c6f32 Mon Sep 17 00:00:00 2001 From: bobsayshilol <bobsayshi...@live.co.uk> Date: Thu, 18 Feb 2021 21:52:09 +0000 Subject: [PATCH] ms_adpcm: Fix and extend size checks 'blockalign' is the size of a block, and each block contains 7 samples per channel as part of the preamble, so check against 'samplesperblock' rather than 'blockalign'. Also add an additional check that the block is big enough to hold the samples it claims to hold. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26803 --- src/ms_adpcm.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/ms_adpcm.c b/src/ms_adpcm.c index 5e8f1a316507..a21cb994105e 100644 --- a/src/ms_adpcm.c +++ b/src/ms_adpcm.c 
@@ -128,8 +128,14 @@ wavlike_msadpcm_init (SF_PRIVATE *psf, int blockalign, int samplesperblock) if (psf->file.mode == SFM_WRITE) samplesperblock = 2 + 2 * (blockalign - 7 * psf->sf.channels) / psf->sf.channels ; - if (blockalign < 7 * psf->sf.channels) - { psf_log_printf (psf, "*** Error blockalign (%d) should be > %d.\n", blockalign, 7 * psf->sf.channels) ; + /* There's 7 samples per channel in the preamble of each block */ + if (samplesperblock < 7 * psf->sf.channels) + { psf_log_printf (psf, "*** Error samplesperblock (%d) should be >= %d.\n", samplesperblock, 7 * psf->sf.channels) ; + return SFE_INTERNAL ; + } ; + + if (2 * blockalign < samplesperblock * psf->sf.channels) + { psf_log_printf (psf, "*** Error blockalign (%d) should be >= %d.\n", blockalign, samplesperblock * psf->sf.channels / 2) ; return SFE_INTERNAL ; } ; -- 2.26.2
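Review bot: The libsndfile.spec diff consists of a single hunk at line 29 that adds the `Patch35:` declaration, and no hunk touches the prep section, so the fix only reaches the build if the spec applies its patches automatically. Please confirm from the build log that ms_adpcm-Fix-and-extend-size-checks.patch is actually applied. The new line also carries no origin comment, unlike the `# PATCH-FIX-OPENSUSE` tag above Patch100; a `# PATCH-FIX-UPSTREAM` comment naming CVE-2021-3246 and bsc#1188540 would record where the patch came from.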
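Review bot: In the src/ms_adpcm.c hunk, the new comparison `2 * blockalign < samplesperblock * psf->sf.channels` multiplies plain `int` values (both parameters are declared `int` in the `wavlike_msadpcm_init` signature shown in the hunk header), so if the callers do not already bound them, large values could overflow before the comparison and let an undersized block pass the very check this fix relies on. Doing the arithmetic in a 64-bit type, or rejecting out-of-range `blockalign` and `samplesperblock` first, would close that gap. Two smaller points in the same hunk: the log message prints `samplesperblock * psf->sf.channels / 2`, which rounds down when the product is odd and so can name a `blockalign` value that the condition still rejects; and the comment says 7 samples per channel while the write-mode context line subtracts `7 * psf->sf.channels` from `blockalign` and credits 2 samples for it, so a word on which unit the 7 is in would help the next reader.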