Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libsndfile for openSUSE:Factory checked in at 2023-10-20 23:16:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libsndfile (Old) and /work/SRC/openSUSE:Factory/.libsndfile.new.1945 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile" Fri Oct 20 23:16:05 2023 rev:65 rq:1119226 version:1.2.2 Changes: -------- --- /work/SRC/openSUSE:Factory/libsndfile/libsndfile-progs.changes 2023-03-08 14:52:07.694530864 +0100 +++ /work/SRC/openSUSE:Factory/.libsndfile.new.1945/libsndfile-progs.changes 2023-10-20 23:16:50.814694702 +0200 @@ -1,0 +2,12 @@ +Fri Oct 20 11:45:14 UTC 2023 - Takashi Iwai <ti...@suse.com> + +- Update to 1.2.1: + * Various bug fixes (issue #908, #907, #934, #950, #930) +- Update to 1.2.2: + * Fixed invalid regex in src/create_symbols_file.py + * Fixed passing null pointer to printf %s in tests +- Fix signed integers overflows in au_read_header() + (bsc#121345, CVE-2022-33065): + libsndfile-CVE-2022-33065.patch + +------------------------------------------------------------------- libsndfile.changes: same change Old: ---- libsndfile-1.2.0.tar.xz libsndfile-1.2.0.tar.xz.asc New: ---- libsndfile-1.2.2.tar.xz libsndfile-1.2.2.tar.xz.asc libsndfile-CVE-2022-33065.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsndfile-progs.spec ++++++ --- /var/tmp/diff_new_pack.rJfJdj/_old 2023-10-20 23:16:51.490719368 +0200 +++ /var/tmp/diff_new_pack.rJfJdj/_new 2023-10-20 23:16:51.490719368 +0200 @@ -17,7 +17,7 @@ Name: libsndfile-progs -Version: 1.2.0 +Version: 1.2.2 Release: 0 Summary: Example Programs for libsndfile License: LGPL-2.1-or-later @@ -26,6 +26,7 @@ Source0: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc Source2: libsndfile.keyring +Patch1: libsndfile-CVE-2022-33065.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel ++++++ libsndfile.spec ++++++ --- /var/tmp/diff_new_pack.rJfJdj/_old 2023-10-20 23:16:51.514720243 +0200 +++ /var/tmp/diff_new_pack.rJfJdj/_new 2023-10-20 23:16:51.514720243 +0200 @@ -18,7 +18,7 @@ %define lname %{name}1 Name: libsndfile -Version: 1.2.0 +Version: 1.2.2 Release: 0 Summary: Development/Libraries/C and C++ License: LGPL-2.1-or-later @@ -28,6 +28,7 @@ Source1: https://github.com/libsndfile/libsndfile/releases/download/%{version}/libsndfile-%{version}.tar.xz.asc Source2: libsndfile.keyring Source3: baselibs.conf +Patch1: libsndfile-CVE-2022-33065.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: cmake ++++++ libsndfile-1.2.0.tar.xz -> libsndfile-1.2.2.tar.xz ++++++ ++++ 1984 lines of diff (skipped) ++++ retrying with extended exclude list diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/CHANGELOG.md new/libsndfile-1.2.2/CHANGELOG.md --- old/libsndfile-1.2.0/CHANGELOG.md 2022-12-25 12:32:44.000000000 +0100 +++ new/libsndfile-1.2.2/CHANGELOG.md 2023-08-13 11:20:17.000000000 +0200 @@ -5,6 +5,46 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.2.2] - 2023-08-13 + +### Fixed + +* Fixed invalid regex in src/create_symbols_file.py +* Fixed passing null pointer to printf %s in tests + +## [1.2.1] - 2023-08-12 + +### Added + +* RISC OS support to `sndfile-play`, thanks @ccawley2011 +* Move semantics to `SndFileHandle` C++ class, thanks @haydaralaidrus + +### Fixed + +* Various typos, thanks @@uniontech-lilinjie +* Handling of absolute `CMAKE_INSTALL_LIBDIR`/`CMAKE_INSTALL_INCLUDEDIR`, thanks + @Staudey (issue #908) +* Add `localtime_s` support to `sndfile-metadata-set`, thanks @neheb (issue #907) +* Linking with CMake against `Ogg::ogg`, thanks @FtZPetruska +* CMake `mpg123` module handling bugs, thanks @FtZPetruska +* CMake dependencies handling, thanks @FtZPetruska +* Various `Ogg` & `Opus` format fixes, thanks @weiliang (issue #888) +* Redefining `ssize_t` when building with Autotools, thanks @ccawley2011 + (issue #934) +* Bug related to incorrect `realloc` use, thanks @Halmoni100 +* Style errors, thanks to @arthurt +* AIFF format related bugs, thanks to @arthurt +* Reading of MP3 files without Xing or INFO headers, thanks @arthurt +* Coding style of `src/mpeg_decode.c`, thanks @arthurt +* Various documentation types, thanks @luzpaz +* Intrinsics inclusion for MSVC and ARM64/ARM64EC, thanks @frysee +* `sf_open_fd`() regression, thanks @brentr (PR #950) +* WAV format related bug, thanks @magnus-nomono (issue #930) + +### Removed + +* Obsolete file `libsndfile.spec.in``, thanks @janstary + ## [1.2.0] - 2022-12-25 ### Fixed @@ -143,5 +183,8 @@ * Uninitialized variable in `psf_binheader_readf`(), thanks @shao-hua-li, credit to OSS-Fuzz ([issue 25364](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=25364)). -[Unreleased]: https://github.com/libsndfile/libsndfile/compare/1.1.0...HEAD +[Unreleased]: https://github.com/libsndfile/libsndfile/compare/1.2.2...HEAD +[1.2.2]: https://github.com/libsndfile/libsndfile/compare/1.2.1...1.2.2 +[1.2.1]: https://github.com/libsndfile/libsndfile/compare/1.2.0...1.2.1 +[1.2.0]: https://github.com/libsndfile/libsndfile/compare/1.1.0...1.2.0 [1.1.0]: https://github.com/libsndfile/libsndfile/compare/1.0.31...1.1.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/CMakeLists.txt new/libsndfile-1.2.2/CMakeLists.txt --- old/libsndfile-1.2.0/CMakeLists.txt 2022-12-25 12:32:44.000000000 +0100 +++ new/libsndfile-1.2.2/CMakeLists.txt 2023-08-13 11:20:17.000000000 +0200 @@ -35,7 +35,7 @@ list (APPEND VCPKG_MANIFEST_FEATURES "regtest") endif () -project(libsndfile VERSION 1.2.0) +project(libsndfile VERSION 1.2.2) # # Variables @@ -180,7 +180,7 @@ DESCRIPTION "High quality MPEG Audio Layer III (MP3) encoder" PURPOSE "Enables MPEG layer III (MP3) writing support" ) -set_package_properties (MPG123 PROPERTIES +set_package_properties (mpg123 PROPERTIES TYPE RECOMMENDED URL "https://www.mpg123.de/"; DESCRIPTION "MPEG Audio Layer I/II/III decoder" @@ -224,8 +224,8 @@ set (prefix ${CMAKE_INSTALL_PREFIX}) set (exec_prefix "\$\{prefix\}") - set (libdir "\$\{prefix\}/${CMAKE_INSTALL_LIBDIR}") - set (includedir "\$\{prefix\}/${CMAKE_INSTALL_INCLUDEDIR}") + set (libdir "${CMAKE_INSTALL_FULL_LIBDIR}") + set (includedir "${CMAKE_INSTALL_FULL_INCLUDEDIR}") set (VERSION ${PROJECT_VERSION}) if (ENABLE_EXTERNAL_LIBS) set (EXTERNAL_XIPH_REQUIRE "flac ogg vorbis vorbisenc opus") @@ -391,6 +391,7 @@ target_link_libraries (sndfile PRIVATE $<$<BOOL:${LIBM_REQUIRED}>:m> + $<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:Ogg::ogg> $<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:Vorbis::vorbisenc> $<$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>:FLAC::FLAC> $<$<AND:$<BOOL:${ENABLE_EXPERIMENTAL}>,$<BOOL:${HAVE_EXTERNAL_XIPH_LIBS}>,$<BOOL:${HAVE_SPEEX}>>:Speex::Speex> @@ -810,12 +811,20 @@ if (ENABLE_EXTERNAL_LIBS) set (SndFile_WITH_EXTERNAL_LIBS 1) + list (APPEND FIND_MODULES_INSTALL_LIST + ${CMAKE_CURRENT_LIST_DIR}/cmake/FindFLAC.cmake + ${CMAKE_CURRENT_LIST_DIR}/cmake/FindOgg.cmake + ${CMAKE_CURRENT_LIST_DIR}/cmake/FindOpus.cmake + ${CMAKE_CURRENT_LIST_DIR}/cmake/FindVorbis.cmake) else () set (SndFile_WITH_EXTERNAL_LIBS 0) endif () if(ENABLE_MPEG) set (SndFile_WITH_MPEG 1) + list (APPEND FIND_MODULES_INSTALL_LIST + ${CMAKE_CURRENT_LIST_DIR}/cmake/Findmpg123.cmake + ${CMAKE_CURRENT_LIST_DIR}/cmake/Findmp3lame.cmake) else () set (SndFile_WITH_MPEG 0) endif () @@ -847,6 +856,10 @@ DESTINATION ${CMAKE_INSTALL_PACKAGEDIR} ) + if (NOT BUILD_SHARED_LIBS AND FIND_MODULES_INSTALL_LIST) + file(COPY ${FIND_MODULES_INSTALL_LIST} DESTINATION ${CMAKE_CURRENT_BINARY_DIR}) + install(FILES ${FIND_MODULES_INSTALL_LIST} DESTINATION ${CMAKE_INSTALL_PACKAGEDIR}) + endif () else () install (TARGETS sndfile ${sdnfile_PROGRAMS} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/Makefile.am new/libsndfile-1.2.2/Makefile.am --- old/libsndfile-1.2.0/Makefile.am 2022-11-24 15:04:49.000000000 +0100 +++ new/libsndfile-1.2.2/Makefile.am 2023-05-20 20:22:29.000000000 +0200 @@ -12,7 +12,7 @@ endif endif -EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Scripts/android-configure.sh \ +EXTRA_DIST = sndfile.pc.in Scripts/android-configure.sh \ NEWS.OLD CHANGELOG.md Scripts/linux-to-win-cross-configure.sh \ CMakeLists.txt $(cmake_files) Win32 SECURITY.md @@ -24,7 +24,7 @@ cmake/TestLargeFiles.cmake cmake/TestInline.c.in \ cmake/FindOpus.cmake cmake/SndFileConfig.cmake.in \ cmake/CheckCPUArch.cmake cmake/CheckCPUArch.c.in \ - cmake/Findmp3lame.cmake cmake/FindMpg123.cmake \ + cmake/Findmp3lame.cmake cmake/Findmpg123.cmake \ cmake/SetupABIVersions.cmake pkgconfig_DATA = sndfile.pc diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/NEWS.OLD new/libsndfile-1.2.2/NEWS.OLD --- old/libsndfile-1.2.0/NEWS.OLD 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/NEWS.OLD 2023-05-20 20:22:29.000000000 +0200 @@ -297,7 +297,7 @@ * Release candidate 1 for the 1.0.0 series. Version 0.0.28 (2002-04-27) - * Last offical release of 0.0.X series of the library. + * Last official release of 0.0.X series of the library. Version 0.0.8 (1999-02-16) - * First offical release. + * First official release. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/README new/libsndfile-1.2.2/README --- old/libsndfile-1.2.0/README 2022-03-27 14:39:27.000000000 +0200 +++ new/libsndfile-1.2.2/README 2023-05-20 20:22:29.000000000 +0200 @@ -1,5 +1,3 @@ -This is libsndfile, 1.1.0 - libsndfile is a library of C routines for reading and writing files containing sampled audio data. @@ -26,7 +24,7 @@ LINUX ----- -Whereever possible, you should use the packages supplied by your Linux +Wherever possible, you should use the packages supplied by your Linux distribution. If you really do need to compile from source it should be as easy as: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/SECURITY.md new/libsndfile-1.2.2/SECURITY.md --- old/libsndfile-1.2.0/SECURITY.md 2022-03-27 14:39:27.000000000 +0200 +++ new/libsndfile-1.2.2/SECURITY.md 2023-08-12 17:14:09.000000000 +0200 @@ -8,4 +8,4 @@ ## Reporting a Vulnerability -Please send report privately to evpo...@gmail.com, and include how would you like to be credited. +Please send report privately to evp...@gmail.com, and include how would you like to be credited. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/cmake/FindMpg123.cmake new/libsndfile-1.2.2/cmake/FindMpg123.cmake --- old/libsndfile-1.2.0/cmake/FindMpg123.cmake 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/cmake/FindMpg123.cmake 1970-01-01 01:00:00.000000000 +0100 @@ -1,64 +0,0 @@ -# - Find mpg123 -# Find the native mpg123 includes and libraries -# -# MPG123_INCLUDE_DIRS - where to find mpg123.h, etc. -# MPG123_LIBRARIES - List of libraries when using mpg123. -# MPG123_FOUND - True if Mpg123 found. - -if (MPG123_INCLUDE_DIR) - # Already in cache, be silent - set(MPG123_FIND_QUIETLY TRUE) -endif () - -find_package (PkgConfig QUIET) -pkg_check_modules(PC_MPG123 QUIET libmpg123>=1.25.10) - -set (MPG123_VERSION ${PC_MPG123_VERSION}) - -find_path (MPG123_INCLUDE_DIR mpg123.h - HINTS - ${PC_MPG123_INCLUDEDIR} - ${PC_MPG123_INCLUDE_DIRS} - ${MPG123_ROOT} - ) - -# MSVC built mpg123 may be named mpg123_static. -# The provided project files name the library with the lib prefix. - -find_library (MPG123_LIBRARY - NAMES - mpg123 - mpg123_static - libmpg123 - libmpg123_static - HINTS - ${PC_MPG123_LIBDIR} - ${PC_MPG123_LIBRARY_DIRS} - ${MPG123_ROOT} - ) - -# Handle the QUIETLY and REQUIRED arguments and set MPG123_FOUND -# to TRUE if all listed variables are TRUE. -include(FindPackageHandleStandardArgs) -find_package_handle_standard_args (Mpg123 - REQUIRED_VARS - MPG123_LIBRARY - MPG123_INCLUDE_DIR - VERSION_VAR - MPG123_VERSION - ) - -if (MPG123_FOUND) - set (MPG123_LIBRARIES ${MPG123_LIBRARY}) - set (MPG123_INCLUDE_DIRS ${MPG123_INCLUDE_DIR}) - - if (NOT TARGET MPG123::libmpg123) - add_library (MPG123::libmpg123 UNKNOWN IMPORTED) - set_target_properties (MPG123::libmpg123 PROPERTIES - INTERFACE_INCLUDE_DIRECTORIES "${MPG123_INCLUDE_DIRS}" - IMPORTED_LOCATION "${MPG123_LIBRARIES}" - ) - endif () -endif () - -mark_as_advanced(MPG123_INCLUDE_DIR MPG123_LIBRARY) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/cmake/Findmpg123.cmake new/libsndfile-1.2.2/cmake/Findmpg123.cmake --- old/libsndfile-1.2.0/cmake/Findmpg123.cmake 1970-01-01 01:00:00.000000000 +0100 +++ new/libsndfile-1.2.2/cmake/Findmpg123.cmake 2023-05-20 20:22:29.000000000 +0200 @@ -0,0 +1,95 @@ +#[=======================================================================[.rst: +Findmpg123 +------- + +Finds the mpg123 library. + +Imported Targets +^^^^^^^^^^^^^^^^ + +This module provides the following imported targets, if found: + +``MPG123::libmpg123`` + The mpg123 library + +Result Variables +^^^^^^^^^^^^^^^^ + +This will define the following variables: + +``mpg123_FOUND`` + True if the system has the mpg123 package. +``mpg123_VERSION`` + The version of mpg123 that was found on the system. + +Cache Variables +^^^^^^^^^^^^^^^ + +The following cache variables may also be set: + +``mpg123_INCLUDE_DIR`` + The directory containing ``mpg123.h``. +``mpg123_LIBRARY`` + The path to the mpg123 library. + +#]=======================================================================] + +if (mpg123_INCLUDE_DIR) + # Already in cache, be silent + set(mpg123_FIND_QUIETLY TRUE) +endif () + +find_package (PkgConfig QUIET) +pkg_check_modules(PC_MPG123 QUIET libmpg123>=1.25.10) + +find_path (mpg123_INCLUDE_DIR mpg123.h + HINTS + ${PC_MPG123_INCLUDEDIR} + ${PC_MPG123_INCLUDE_DIRS} + ${mpg123_ROOT} + ) + +# MSVC built mpg123 may be named mpg123_static. +# The provided project files name the library with the lib prefix. + +find_library (mpg123_LIBRARY + NAMES + mpg123 + mpg123_static + libmpg123 + libmpg123_static + HINTS + ${PC_MPG123_LIBDIR} + ${PC_MPG123_LIBRARY_DIRS} + ${mpg123_ROOT} + ) + +if (PC_MPG123_FOUND) + set (mpg123_VERSION ${PC_MPG123_VERSION}) +elseif (mpg123_INCLUDE_DIR) + file (READ "${mpg123_INCLUDE_DIR}/mpg123.h" _mpg123_h) + string (REGEX MATCH "[0-9]+.[0-9]+.[0-9]+" _mpg123_version_re "${_mpg123_h}") + set (mpg123_VERSION "${_mpg123_version_re}") +endif () + +# Handle the QUIETLY and REQUIRED arguments and set mpg123_FOUND +# to TRUE if all listed variables are TRUE. +include(FindPackageHandleStandardArgs) +find_package_handle_standard_args (mpg123 + REQUIRED_VARS + mpg123_LIBRARY + mpg123_INCLUDE_DIR + VERSION_VAR + mpg123_VERSION + ) + +if (mpg123_FOUND AND NOT TARGET MPG123::libmpg123) + add_library (MPG123::libmpg123 UNKNOWN IMPORTED) + set_target_properties (MPG123::libmpg123 + PROPERTIES + IMPORTED_LOCATION "${mpg123_LIBRARY}" + INTERFACE_INCLUDE_DIRECTORIES "${mpg123_INCLUDE_DIR}" + ) +endif () + +mark_as_advanced(mpg123_INCLUDE_DIR mpg123_LIBRARY) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/cmake/SndFileChecks.cmake new/libsndfile-1.2.2/cmake/SndFileChecks.cmake --- old/libsndfile-1.2.0/cmake/SndFileChecks.cmake 2022-09-12 20:17:56.000000000 +0200 +++ new/libsndfile-1.2.2/cmake/SndFileChecks.cmake 2023-05-20 20:22:29.000000000 +0200 @@ -50,7 +50,7 @@ endif () find_package (mp3lame) -find_package (Mpg123 1.25.10) +find_package (mpg123 1.25.10) if (TARGET mp3lame::mp3lame AND (TARGET MPG123::libmpg123)) set (HAVE_MPEG_LIBS 1) else () diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/cmake/SndFileConfig.cmake.in new/libsndfile-1.2.2/cmake/SndFileConfig.cmake.in --- old/libsndfile-1.2.0/cmake/SndFileConfig.cmake.in 2022-09-12 20:17:56.000000000 +0200 +++ new/libsndfile-1.2.2/cmake/SndFileConfig.cmake.in 2023-05-20 20:22:29.000000000 +0200 @@ -10,6 +10,10 @@ include (CMakeFindDependencyMacro) +if (NOT @BUILD_SHARED_LIBS@) + list (APPEND CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}) +endif () + if (SndFile_WITH_EXTERNAL_LIBS AND NOT @BUILD_SHARED_LIBS@) find_dependency (Ogg 1.3) find_dependency (Vorbis) @@ -19,7 +23,11 @@ if (SndFile_WITH_MPEG AND NOT @BUILD_SHARED_LIBS@) find_dependency (mp3lame) - find_dependency (MPG123) + find_dependency (mpg123) +endif () + +if (NOT @BUILD_SHARED_LIBS@) + list (REMOVE_ITEM CMAKE_MODULE_PATH ${CMAKE_CURRENT_LIST_DIR}) endif () include (${CMAKE_CURRENT_LIST_DIR}/SndFileTargets.cmake) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/configure.ac new/libsndfile-1.2.2/configure.ac --- old/libsndfile-1.2.0/configure.ac 2022-12-25 12:32:44.000000000 +0100 +++ new/libsndfile-1.2.2/configure.ac 2023-08-13 11:20:17.000000000 +0200 @@ -3,7 +3,7 @@ dnl Require autoconf version >= 2.69 AC_PREREQ([2.69]) -AC_INIT([libsndfile],[1.2.0],[sndf...@mega-nerd.com], +AC_INIT([libsndfile],[1.2.2],[sndf...@mega-nerd.com], [libsndfile],[http://libsndfile.github.io/libsndfile/]) dnl Check whether we want to set defaults for CFLAGS, CXXFLAGS, CPPFLAGS and LDFLAGS @@ -88,7 +88,7 @@ dnl This is libtool version of library, we add it to `--version-info` property. m4_define([lt_current], [1]) -m4_define([lt_revision], [35]) +m4_define([lt_revision], [37]) m4_define([lt_age], [0]) dnl This is ABI version for linker scripts, CMake uses the same format for @@ -697,7 +697,7 @@ Makefile Octave/Makefile src/version-metadata.rc tests/test_wrapper.sh tests/pedantic-header-test.sh - libsndfile.spec sndfile.pc + sndfile.pc Scripts/build-test-tarball.mk ]) AC_OUTPUT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/docs/api.md new/libsndfile-1.2.2/docs/api.md --- old/libsndfile-1.2.0/docs/api.md 2022-09-12 20:17:56.000000000 +0200 +++ new/libsndfile-1.2.2/docs/api.md 2023-08-12 17:14:09.000000000 +0200 @@ -47,7 +47,7 @@ | [sf_writef_short, sf_writef_int, sf_writef_float, sf_writef_double](#writef) | File frames write functions. | | [sf_read_raw, sf_write_raw](#raw) | Raw read/write functions. | | [sf_get_string, sf_set_string](#string) | Functions for reading and writing string data. | -| [sf_version_string](#version_string) | Retrive library version string. | +| [sf_version_string](#version_string) | Retrieve library version string. | | [sf_current_byterate](#current_byterate) | Retrieve current byterate. | | [sf_set_chunk, sf_get_chunk_iterator, sf_next_chunk_iterator, sf_get_chunk_size, sf_get_chunk_data](#chunk) | RIFF chunks API. | @@ -262,7 +262,7 @@ typedef sf_count_t (*sf_vio_get_filelen) (void *user_data) ; ``` -The virtual file contex must return the length of the virtual file in bytes. +The virtual file context must return the length of the virtual file in bytes. #### sf_vio_seek @@ -347,7 +347,7 @@ is used for the whence parameter. sf_seek will return the offset in (multichannel) frames from the start of the -audio data or -1 if an error occured (ie an attempt is made to seek beyond the +audio data or -1 if an error occurred (ie an attempt is made to seek beyond the start or end of the file). ## Error Reporting Functions {#error} @@ -557,7 +557,7 @@ WAV and AIF files with libsndfile will work when read back with libsndfile, but may not work with other programs. -The suggested method of dealing with tags retrived using sf_get_string() is to +The suggested method of dealing with tags retrieved using sf_get_string() is to assume they are utf-8. Similarly if you have a string in some exotic format like utf-16, it should be encoded to utf-8 before being written using libsndfile. @@ -733,7 +733,7 @@ ## Note 2 -Reading a file containg floating point data (allowable with WAV, AIFF, AU and +Reading a file containing floating point data (allowable with WAV, AIFF, AU and other file formats) using integer read methods (sf_read_short() or sf_read_int()) can produce unexpected results. For instance the data in the file may have a maximum absolute value < 1.0 which would mean that all sample diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/docs/bugs.md new/libsndfile-1.2.2/docs/bugs.md --- old/libsndfile-1.2.0/docs/bugs.md 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/docs/bugs.md 2023-08-12 17:14:09.000000000 +0200 @@ -14,7 +14,7 @@ - Compilation problems on new platforms. - Errors being detected during the `make check` process. -- Segmentation faults occuring inside libsndfile. +- Segmentation faults occurring inside libsndfile. - libsndfile hanging when opening a file. - Supported sound file types being incorrectly read or written. - Omissions, errors or spelling mistakes in the documentation. @@ -24,7 +24,7 @@ - Your system (CPU and memory size should be enough). - The operating system you are using. - Whether you are using a package provided by your distribution or you compiled - it youself. + it yourself. - If you compiled it yourself, the compiler you are using. (Also make sure to run `make check`.) - A description of the problem. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/docs/command.md new/libsndfile-1.2.2/docs/command.md --- old/libsndfile-1.2.0/docs/command.md 2022-09-12 20:17:56.000000000 +0200 +++ new/libsndfile-1.2.2/docs/command.md 2023-08-12 17:14:09.000000000 +0200 @@ -1034,7 +1034,7 @@ ### Return value -Zero on sucess, non-zero otherwise. +Zero on success, non-zero otherwise. ## SFC_SET_RAW_START_OFFSET @@ -1228,7 +1228,7 @@ Set the Variable Bit Rate encoding quality. The encoding quality value should be between 0.0 (lowest quality) and 1.0 (highest quality). -Currenly this command is only implemented for FLAC and Ogg/Vorbis files. +Currently this command is only implemented for FLAC and Ogg/Vorbis files. It has no effect on un-compressed file formats. ### Parameters @@ -1301,7 +1301,7 @@ ## SFC_SET_COMPRESSION_LEVEL Set the compression level. The compression level should be between 0.0 (minimum -compression level) and 1.0 (highest compression level). Currenly this command is +compression level) and 1.0 (highest compression level). Currently this command is only implemented for FLAC and Ogg/Vorbis files. It has no effect on uncompressed file formats. @@ -1604,7 +1604,7 @@ /* a full bar of 7/8 is 7 beats */ float bpm ; /* suggestion, as it can be calculated using other fields:*/ - /* file's lenght, file's sampleRate and our time_sig_den*/ + /* file's length, file's sampleRate and our time_sig_den*/ /* -> bpms are always the amount of _quarter notes_ per minute */ int root_key ; /* MIDI note, or -1 for None */ @@ -1627,7 +1627,7 @@ ## SFC_GET_INSTRUMENT Retrieve instrument information from file including MIDI base note, keyboard -mapping and looping informations(start/stop and mode). +mapping and looping information (start/stop and mode). ### Parameters @@ -1829,7 +1829,7 @@ Enable auto downgrade from RF64 to WAV. -The EBU recomendation is that when writing RF64 files and the resulting file is +The EBU recommendation is that when writing RF64 files and the resulting file is less than 4Gig in size, it should be downgraded to a WAV file (WAV files have a maximum size of 4Gig). libsndfile doesn't follow the EBU recommendations exactly, mainly because the test suite needs to be able test reading/writing diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/docs/index.md new/libsndfile-1.2.2/docs/index.md --- old/libsndfile-1.2.0/docs/index.md 2022-03-27 14:39:27.000000000 +0200 +++ new/libsndfile-1.2.2/docs/index.md 2023-08-13 11:20:17.000000000 +0200 @@ -93,7 +93,7 @@ * Version 1.0.6 (Feb 08 2004) Large file fix for Linux/Solaris, new functionality and Win32 improvements. * Version 1.0.7 (Feb 24 2004) Fix build problems on MacOS X and fix ia64/MIPS - etc clip mode detction. + etc clip mode detection. * Version 1.0.8 (Mar 14 2004) Minor bug fixes. * Version 1.0.9 (Mar 30 2004) Add AVR format. Improve handling of some WAV files. @@ -112,7 +112,7 @@ enhancements and bug fixes. * Version 1.0.17 (Aug 31 2006) Add C++ wrapper sndfile.hh. Minor bug fixes and cleanups. -* Version 1.0.18 (Feb 07 2009) Add Ogg/Vorbis suppport, remove captive +* Version 1.0.18 (Feb 07 2009) Add Ogg/Vorbis support, remove captive libraries, many new features and bug fixes. Generate Win32 and Win64 pre-compiled binaries. * Version 1.0.19 (Mar 02 2009) Fix for CVE-2009-0186. Huge number of minor fixes @@ -144,6 +144,10 @@ reported by OSS-Fuzz. More SSE2-optimized functions for x86 and amd64. * Version 1.1.0 (March 27 2022) Minor release, backward compatible with previous releases. Added long-awaited MP3 support. Numerous improvements and bugfixes. +* Version 1.2.0 (December 25 2022) Various bugfixes, + removed artificial samplerate limit +* Version 1.2.1 (August 12 2023) Patch release, various bugfixes. +* Version 1.2.2 (August 13 2023) Patch release, various bugfixes. ## Similar or Related Projects diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/docs/lists.md new/libsndfile-1.2.2/docs/lists.md --- old/libsndfile-1.2.0/docs/lists.md 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/docs/lists.md 2023-08-12 17:14:09.000000000 +0200 @@ -12,7 +12,7 @@ - **libsndfile-annou...@mega-nerd.com**Â Â [Subscribe](mailto:libsndfile-announce-requ...@mega-nerd.com?subject=subscribe) - A list which will announce each new release of libsndfile. Noone can + A list which will announce each new release of libsndfile. No one can post to this list except the author. - **libsndfile-de...@mega-nerd.com**Â Â [Subscribe](mailto:libsndfile-devel-requ...@mega-nerd.com?subject=subscribe) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/include/sndfile.hh new/libsndfile-1.2.2/include/sndfile.hh --- old/libsndfile-1.2.0/include/sndfile.hh 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/include/sndfile.hh 2023-08-12 17:14:09.000000000 +0200 @@ -100,6 +100,11 @@ SndfileHandle (const SndfileHandle &orig) ; SndfileHandle & operator = (const SndfileHandle &rhs) ; +#if (__cplusplus >= 201100L) + SndfileHandle (SndfileHandle &&orig) noexcept ; + SndfileHandle & operator = (SndfileHandle &&rhs) noexcept ; +#endif + /* Mainly for debugging/testing. */ int refCount (void) const { return (p == SF_NULL) ? 0 : p->ref ; } @@ -288,7 +293,32 @@ ++ p->ref ; return *this ; -} /* SndfileHandle assignment operator */ +} /* SndfileHandle copy assignment */ + +#if (__cplusplus >= 201100L) + +inline +SndfileHandle::SndfileHandle (SndfileHandle &&orig) noexcept +: p (orig.p) +{ + orig.p = SF_NULL ; +} /* SndfileHandle move constructor */ + +inline SndfileHandle & +SndfileHandle::operator = (SndfileHandle &&rhs) noexcept +{ + if (&rhs == this) + return *this ; + if (p != SF_NULL && -- p->ref == 0) + delete p ; + + p = rhs.p ; + rhs.p = SF_NULL ; + + return *this ; +} /* SndfileHandle move assignment */ + +#endif inline int SndfileHandle::error (void) const diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/libsndfile.spec.in new/libsndfile-1.2.2/libsndfile.spec.in --- old/libsndfile-1.2.0/libsndfile.spec.in 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/libsndfile.spec.in 1970-01-01 01:00:00.000000000 +0100 @@ -1,69 +0,0 @@ - -%define name @PACKAGE@ -%define version @VERSION@ -%define release 1 - -Summary: A library to handle various audio file formats. -Name: %{name} -Version: %{version} -Release: %{release} -Copyright: LGPL -Group: Libraries/Sound -Source: http://www.mega-nerd.com/libsndfile/libsndfile-%{version}.tar.gz -Url: http://www.mega-nerd.com/libsndfile/ -BuildRoot: /var/tmp/%{name}-%{version} - -%description -libsndfile is a C library for reading and writing sound files such as -AIFF, AU and WAV files through one standard interface. It can currently -read/write 8, 16, 24 and 32-bit PCM files as well as 32-bit floating -point WAV files and a number of compressed formats. - -%package devel -Summary: Libraries, includes, etc to develop libsndfile applications -Group: Libraries - -%description devel -Libraries, include files, etc you can use to develop libsndfile applications. - -%prep -%setup - -%build -%configure -make - -%install -if [ -d $RPM_BUILD_ROOT ]; then rm -rf $RPM_BUILD_ROOT; fi -mkdir -p $RPM_BUILD_ROOT -make DESTDIR=$RPM_BUILD_ROOT install -%clean -if [ -d $RPM_BUILD_ROOT ]; then rm -rf $RPM_BUILD_ROOT; fi - -%files -%defattr(-,root,root) -%doc AUTHORS COPYING ChangeLog INSTALL NEWS README TODO doc -%{_libdir}/libsndfile.so.* -%{_bindir}/* -%{_mandir}/man1/* -%{_datadir}/octave/site/m/* -%{_defaultdocdir}/libsndfile1-dev/html/* - -%files devel -%defattr(-,root,root) -%{_libdir}/libsndfile.a -%{_libdir}/libsndfile.la -%{_libdir}/libsndfile.so -%{_includedir}/sndfile.h -%{_libdir}/pkgconfig/sndfile.pc - -%changelog -* Sun May 15 2005 Erik de Castro Lopo <er...@mega-nerd.com> -- Add html files to the files section. -* Tue Sep 16 2003 Erik de Castro Lopo <er...@mega-nerd.com> -- Apply corrections from Andrew Schultz. -* Mon Oct 21 2002 Erik de Castro Lopo <er...@mega-nerd.com> -- Force installation of sndfile.pc file. -* Thu Jul 6 2000 Josh Green <jgr...@users.sourceforge.net> -- Created libsndfile.spec.in - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/m4/libtool.m4 new/libsndfile-1.2.2/m4/libtool.m4 --- old/libsndfile-1.2.0/m4/libtool.m4 2022-12-25 12:36:55.000000000 +0100 +++ new/libsndfile-1.2.2/m4/libtool.m4 2023-08-13 11:22:00.000000000 +0200 @@ -1719,11 +1719,6 @@ lt_cv_sys_max_cmd_len=8192; ;; - mint*) - # On MiNT this can take a long time and run out of memory. - lt_cv_sys_max_cmd_len=8192; - ;; - amigaos*) # On AmigaOS with pdksh, this test takes hours, literally. # So we just punt and use a minimum line length of 8192. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/programs/sndfile-metadata-set.c new/libsndfile-1.2.2/programs/sndfile-metadata-set.c --- old/libsndfile-1.2.0/programs/sndfile-metadata-set.c 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/programs/sndfile-metadata-set.c 2023-05-20 20:22:29.000000000 +0200 @@ -279,7 +279,10 @@ time (¤t) ; memset (timedata, 0, sizeof (struct tm)) ; -#if defined (HAVE_LOCALTIME_R) +#if defined (_WIN32) + /* If the re-entrant version is available, use it. */ + localtime_s (timedata, ¤t) ; +#elif defined (HAVE_LOCALTIME_R) /* If the re-entrant version is available, use it. */ localtime_r (¤t, timedata) ; #elif defined (HAVE_LOCALTIME) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/programs/sndfile-play.c new/libsndfile-1.2.2/programs/sndfile-play.c --- old/libsndfile-1.2.0/programs/sndfile-play.c 2021-09-21 14:16:36.000000000 +0200 +++ new/libsndfile-1.2.2/programs/sndfile-play.c 2023-05-20 20:22:29.000000000 +0200 @@ -56,7 +56,7 @@ #if defined (__ANDROID__) -#elif defined (__linux__) || defined (__FreeBSD_kernel__) || defined (__FreeBSD__) +#elif defined (__linux__) || defined (__FreeBSD_kernel__) || defined (__FreeBSD__) || defined (__riscos__) #include <fcntl.h> #include <sys/ioctl.h> #include <sys/soundcard.h> @@ -355,7 +355,7 @@ ** Linux/OSS functions for playing a sound. */ -#if !defined (__ANDROID__) && (defined (__linux__) || defined (__FreeBSD_kernel__) || defined (__FreeBSD__)) +#if !defined (__ANDROID__) && (defined (__linux__) || defined (__FreeBSD_kernel__) || defined (__FreeBSD__) || defined (__riscos__)) static int opensoundsys_open_device (int channels, int srate) ; @@ -841,7 +841,7 @@ else #endif opensoundsys_play (argc, argv) ; -#elif defined (__FreeBSD_kernel__) || defined (__FreeBSD__) +#elif defined (__FreeBSD_kernel__) || defined (__FreeBSD__) || defined (__riscos__) opensoundsys_play (argc, argv) ; #elif HAVE_SNDIO_H sndio_play (argc, argv) ; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/aiff.c new/libsndfile-1.2.2/src/aiff.c --- old/libsndfile-1.2.0/src/aiff.c 2022-04-02 20:53:09.000000000 +0200 +++ new/libsndfile-1.2.2/src/aiff.c 2023-08-12 17:14:09.000000000 +0200 @@ -1059,6 +1059,13 @@ else psf_log_printf (psf, " Sample Size : %d\n", comm_fmt->sampleSize) ; + + if ((psf->sf.channels != comm_fmt->numChannels) && psf->peak_info) + { psf_log_printf (psf, " *** channel count changed, discarding existing PEAK chunk\n") ; + free (psf->peak_info) ; + psf->peak_info = NULL ; + } ; + subformat = s_bitwidth_to_subformat (comm_fmt->sampleSize) ; psf->sf.samplerate = samplerate ; @@ -1156,18 +1163,27 @@ /*========================================================================================== */ -static void +static int aiff_rewrite_header (SF_PRIVATE *psf) -{ +{ AIFF_PRIVATE *paiff = psf->container_data ; + /* Assuming here that the header has already been written and just ** needs to be corrected for new data length. That means that we ** only change the length fields of the FORM and SSND chunks ; ** everything else can be skipped over. */ int k, ch, comm_size, comm_frames ; + sf_count_t header_len ; + /* Calculate the header length rather than use dataoffset, as AIFF files + ** can have additional padding offset bytes which aren't usefully a part of + ** the header. + */ + header_len = paiff->ssnd_offset + 8 + SIZEOF_SSND_CHUNK ; + if (psf->header.len < header_len || header_len > psf->dataoffset) + return SFE_INTERNAL ; psf_fseek (psf, 0, SEEK_SET) ; - psf_fread (psf->header.ptr, psf->dataoffset, 1, psf) ; + psf_fread (psf->header.ptr, header_len, 1, psf) ; psf->header.indx = 0 ; @@ -1202,7 +1218,7 @@ psf_fseek (psf, 0, SEEK_SET) ; psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ; - return ; + return 0 ; } /* aiff_rewrite_header */ static int @@ -1211,7 +1227,7 @@ AIFF_PRIVATE *paiff ; uint8_t comm_sample_rate [10], comm_zero_bytes [2] = { 0, 0 } ; uint32_t comm_type, comm_size, comm_encoding, comm_frames = 0, uk ; - int k, endian, has_data = SF_FALSE ; + int ret, k, endian, has_data = SF_FALSE ; int16_t bit_width ; if ((paiff = psf->container_data) == NULL) @@ -1234,7 +1250,8 @@ } ; if (psf->file.mode == SFM_RDWR && psf->dataoffset > 0 && psf->rchunks.count > 0) - { aiff_rewrite_header (psf) ; + { if ((ret = aiff_rewrite_header (psf)) != 0) + return ret ; if (current > 0) psf_fseek (psf, current, SEEK_SET) ; return 0 ; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/chunk.c new/libsndfile-1.2.2/src/chunk.c --- old/libsndfile-1.2.0/src/chunk.c 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/src/chunk.c 2023-08-12 17:14:09.000000000 +0200 @@ -122,10 +122,12 @@ { READ_CHUNK * old_ptr = pchk->chunks ; int new_count = 3 * (pchk->count + 1) / 2 ; - pchk->chunks = realloc (old_ptr, new_count * sizeof (READ_CHUNK)) ; - if (pchk->chunks == NULL) - { pchk->chunks = old_ptr ; + READ_CHUNK * new_chunks = realloc (old_ptr, new_count * sizeof (READ_CHUNK)) ; + if (new_chunks == NULL) + { return SFE_MALLOC_FAILED ; + } else { + pchk->chunks = new_chunks; } ; pchk->count = new_count ; } ; @@ -238,10 +240,12 @@ { WRITE_CHUNK * old_ptr = pchk->chunks ; int new_count = 3 * (pchk->count + 1) / 2 ; - pchk->chunks = realloc (old_ptr, new_count * sizeof (WRITE_CHUNK)) ; - if (pchk->chunks == NULL) - { pchk->chunks = old_ptr ; + WRITE_CHUNK * new_chunks = realloc (old_ptr, new_count * sizeof (WRITE_CHUNK)) ; + if (new_chunks == NULL) + { return SFE_MALLOC_FAILED ; + } else { + pchk->chunks = new_chunks; } ; } ; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/common.c new/libsndfile-1.2.2/src/common.c --- old/libsndfile-1.2.0/src/common.c 2022-12-25 10:48:36.000000000 +0100 +++ new/libsndfile-1.2.2/src/common.c 2023-08-12 17:14:09.000000000 +0200 @@ -252,10 +252,10 @@ else { if (D < 0) { log_putchar (psf, '-') ; - U = -((uint64_t) D) ; + U = - ((uint64_t) D) ; } else - { U = (uint64_t) D; + { U = (uint64_t) D ; } } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/common.h new/libsndfile-1.2.2/src/common.h --- old/libsndfile-1.2.0/src/common.h 2022-09-12 20:17:56.000000000 +0200 +++ new/libsndfile-1.2.2/src/common.h 2023-08-12 17:14:09.000000000 +0200 @@ -43,7 +43,11 @@ #include <math.h> #ifdef USE_SSE2 -#include <immintrin.h> +# ifdef _MSC_VER +# include <intrin.h> +# else +# include <immintrin.h> +# endif #endif #ifdef __cplusplus diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/config.h.cmake new/libsndfile-1.2.2/src/config.h.cmake --- old/libsndfile-1.2.0/src/config.h.cmake 2022-09-12 20:17:56.000000000 +0200 +++ new/libsndfile-1.2.2/src/config.h.cmake 2023-05-20 20:22:29.000000000 +0200 @@ -148,6 +148,10 @@ /* Define to 1 if the system has the type `ssize_t'. */ #cmakedefine01 HAVE_SSIZE_T +#if (HAVE_SSIZE_T == 0) +#define ssize_t intptr_t +#endif + /* Define to 1 if you have the <stdint.h> header file. */ #cmakedefine01 HAVE_STDINT_H diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/create_symbols_file.py new/libsndfile-1.2.2/src/create_symbols_file.py --- old/libsndfile-1.2.0/src/create_symbols_file.py 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/src/create_symbols_file.py 2023-08-13 10:46:34.000000000 +0200 @@ -118,7 +118,7 @@ def os2_symbols (progname, version, name): print ("; Auto-generated by %s\n" %progname) - print ("LIBRARY %s%s" % (name, re.sub ("\..*", "", version))) + print ("LIBRARY %s%s" % (name, re.sub (r"\..*", "", version))) print ("INITINSTANCE TERMINSTANCE") print ("CODE PRELOAD MOVEABLE DISCARDABLE") print ("DATA PRELOAD MOVEABLE MULTIPLE NONSHARED") @@ -160,7 +160,7 @@ sys.exit (1) os_name = sys.argv [1] -version = re.sub ("\.[a-z0-9]+$", "", sys.argv [2]) +version = re.sub (r"\.[a-z0-9]+$", "", sys.argv [2]) if os_name == "linux" or os_name == "gnu" or os_name == "binutils": linux_symbols (progname, version) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/mpeg_decode.c new/libsndfile-1.2.2/src/mpeg_decode.c --- old/libsndfile-1.2.0/src/mpeg_decode.c 2022-12-25 10:48:36.000000000 +0100 +++ new/libsndfile-1.2.2/src/mpeg_decode.c 2023-08-12 17:14:09.000000000 +0200 @@ -203,7 +203,7 @@ } /* mpeg_dec_seek */ static int -mpeg_dec_fill_sfinfo (mpg123_handle *mh, SF_INFO *info) +mpeg_dec_fill_sfinfo (SF_PRIVATE* psf, mpg123_handle *mh, SF_INFO *info) { int error ; int channels ; int encoding ; @@ -218,6 +218,12 @@ info->channels = channels ; length = mpg123_length (mh) ; + if (length <= 0 && !psf->is_pipe) + { if ((error = mpg123_scan (mh)) != MPG123_OK) + return error ; + length = mpg123_length (mh) ; + } + if (length >= 0) { info->frames = length ; info->seekable = SF_TRUE ; @@ -577,7 +583,7 @@ return SFE_BAD_FILE ; } ; - if (mpeg_dec_fill_sfinfo (pmp3d->pmh, &psf->sf) != MPG123_OK) + if (mpeg_dec_fill_sfinfo (psf, pmp3d->pmh, &psf->sf) != MPG123_OK) { psf_log_printf (psf, "Cannot get MPEG decoder configuration: %s\n", mpg123_plain_strerror (error)) ; return SFE_BAD_FILE ; } ; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/ogg.c new/libsndfile-1.2.2/src/ogg.c --- old/libsndfile-1.2.0/src/ogg.c 2022-12-25 10:48:36.000000000 +0100 +++ new/libsndfile-1.2.2/src/ogg.c 2023-05-20 20:22:29.000000000 +0200 @@ -424,8 +424,12 @@ left_link = 0 ; while (position < end) { ret = ogg_sync_next_page (psf, &odata->opage, end - position, &position) ; - if (ret <= 0) + if (ret < 0) return -1 ; + else if (ret == 0) + { // Hit EOF before EOS + break ; + } if (ogg_page_serialno (&odata->opage) == serialno) { uint64_t page_gp = ogg_page_granulepos (&odata->opage) ; if (page_gp != (uint64_t) -1) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/sfconfig.h new/libsndfile-1.2.2/src/sfconfig.h --- old/libsndfile-1.2.0/src/sfconfig.h 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/src/sfconfig.h 2023-05-20 20:22:29.000000000 +0200 @@ -128,12 +128,4 @@ #define USE_SSE2 #endif -#ifndef HAVE_SSIZE_T -#define HAVE_SSIZE_T 0 -#endif - -#if (HAVE_SSIZE_T == 0) -#define ssize_t intptr_t -#endif - #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/sndfile.c new/libsndfile-1.2.2/src/sndfile.c --- old/libsndfile-1.2.0/src/sndfile.c 2022-12-25 10:48:36.000000000 +0100 +++ new/libsndfile-1.2.2/src/sndfile.c 2023-08-12 17:14:09.000000000 +0200 @@ -439,7 +439,6 @@ SNDFILE* sf_open_fd (int fd, int mode, SF_INFO *sfinfo, int close_desc) { SF_PRIVATE *psf ; - SNDFILE *result ; if ((SF_CONTAINER (sfinfo->format)) == SF_FORMAT_SD2) { sf_errno = SFE_SD2_FD_DISALLOWED ; @@ -461,15 +460,12 @@ psf_copy_filename (psf, "") ; psf->file.mode = mode ; + psf->file.do_not_close_descriptor = !close_desc; psf_set_file (psf, fd) ; psf->is_pipe = psf_is_pipe (psf) ; psf->fileoffset = psf_ftell (psf) ; - result = psf_open_file (psf, sfinfo) ; - if (result != NULL && ! close_desc) - psf->file.do_not_close_descriptor = SF_TRUE ; - - return result ; + return psf_open_file (psf, sfinfo) ; } /* sf_open_fd */ SNDFILE* diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/strings.c new/libsndfile-1.2.2/src/strings.c --- old/libsndfile-1.2.0/src/strings.c 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/src/strings.c 2023-08-12 17:14:09.000000000 +0200 @@ -131,9 +131,12 @@ newlen = newlen < 256 ? 256 : newlen ; - if ((psf->strings.storage = realloc (temp, newlen)) == NULL) - { psf->strings.storage = temp ; + char * new_storage = realloc(temp, newlen); + if (new_storage == NULL) + { return SFE_MALLOC_FAILED ; + } else { + psf->strings.storage = new_storage; } ; psf->strings.storage_len = newlen ; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/version-metadata.rc new/libsndfile-1.2.2/src/version-metadata.rc --- old/libsndfile-1.2.0/src/version-metadata.rc 2022-12-25 12:37:05.000000000 +0100 +++ new/libsndfile-1.2.2/src/version-metadata.rc 2023-08-13 11:22:11.000000000 +0200 @@ -2,8 +2,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_AUS 1 VERSIONINFO - FILEVERSION 1,2,0,0 - PRODUCTVERSION 1,2,0,0 + FILEVERSION 1,2,2,0 + PRODUCTVERSION 1,2,2,0 FILEOS VOS__WINDOWS32 FILETYPE VFT_DLL FILESUBTYPE VFT2_UNKNOWN @@ -16,7 +16,7 @@ { VALUE "FileDescription", "A library for reading and writing audio files." VALUE "FileVersion", ".0\0" - VALUE "Full Version", "1.2.0" + VALUE "Full Version", "1.2.2" VALUE "InternalName", "libsndfile" VALUE "LegalCopyright", "Copyright (C) 1999-2012, Licensed LGPL" VALUE "ProductName", "libsndfile-1 DLL" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/src/wav.c new/libsndfile-1.2.2/src/wav.c --- old/libsndfile-1.2.0/src/wav.c 2022-04-02 20:53:09.000000000 +0200 +++ new/libsndfile-1.2.2/src/wav.c 2023-08-12 17:14:09.000000000 +0200 @@ -1172,9 +1172,9 @@ /* RIFF/RIFX marker, length, WAVE and 'fmt ' markers. */ if (psf->endian == SF_ENDIAN_LITTLE) - psf_binheader_writef (psf, "etm8", BHWm (RIFF_MARKER), BHW8 ((psf->filelength < 8) ? 8 : psf->filelength - 8)) ; + psf_binheader_writef (psf, "etm8", BHWm (RIFF_MARKER), BHW8 ((psf->filelength < 8) ? 8 : SF_MIN(psf->filelength - 8, UINT32_MAX))) ; else - psf_binheader_writef (psf, "Etm8", BHWm (RIFX_MARKER), BHW8 ((psf->filelength < 8) ? 8 : psf->filelength - 8)) ; + psf_binheader_writef (psf, "Etm8", BHWm (RIFX_MARKER), BHW8 ((psf->filelength < 8) ? 8 : SF_MIN(psf->filelength - 8, UINT32_MAX))) ; /* WAVE and 'fmt ' markers. */ psf_binheader_writef (psf, "mm", BHWm (WAVE_MARKER), BHWm (fmt_MARKER)) ; @@ -1258,7 +1258,7 @@ psf_binheader_writef (psf, "m4z", BHWm (PAD_MARKER), BHW4 (k), BHWz (k)) ; } ; - psf_binheader_writef (psf, "tm8", BHWm (data_MARKER), BHW8 (psf->datalength)) ; + psf_binheader_writef (psf, "tm8", BHWm (data_MARKER), BHW8 (SF_MIN(psf->datalength, UINT32_MAX))) ; psf_fwrite (psf->header.ptr, psf->header.indx, 1, psf) ; if (psf->error) return psf->error ; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/libsndfile-1.2.0/tests/string_test.c new/libsndfile-1.2.2/tests/string_test.c --- old/libsndfile-1.2.0/tests/string_test.c 2021-05-17 11:12:28.000000000 +0200 +++ new/libsndfile-1.2.2/tests/string_test.c 2023-08-13 10:46:35.000000000 +0200 @@ -37,6 +37,8 @@ #define BUFFER_LEN (1 << 10) #define LOG_BUFFER_SIZE 1024 +#define NULL_PRINTF_CHECK(X) (X ? X : "(null)") + static const char STR_TEST_PREFIX[] = "str" ; static void string_start_test (const char *filename, int typemajor) ; @@ -263,21 +265,21 @@ if (cptr == NULL || strcmp (filename, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad filename : %s\n", cptr) ; + printf (" Bad filename : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_COPYRIGHT) ; if (cptr == NULL || strcmp (copyright, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad copyright : %s\n", cptr) ; + printf (" Bad copyright : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_SOFTWARE) ; if (cptr == NULL || strstr (cptr, software) != cptr) { if (errors++ == 0) puts ("\n") ; - printf (" Bad software : %s\n", cptr) ; + printf (" Bad software : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; if (str_count (cptr, "libsndfile") != 1) @@ -290,14 +292,14 @@ if (cptr == NULL || strcmp (artist, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad artist : %s\n", cptr) ; + printf (" Bad artist : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_COMMENT) ; if (cptr == NULL || strcmp (comment, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad comment : %s\n", cptr) ; + printf (" Bad comment : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; if (typemajor != SF_FORMAT_AIFF) @@ -305,14 +307,14 @@ if (cptr == NULL || strcmp (date, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad date : %s\n", cptr) ; + printf (" Bad date : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_GENRE) ; if (cptr == NULL || strcmp (genre, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad genre : %s\n", cptr) ; + printf (" Bad genre : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; } ; @@ -330,21 +332,21 @@ if (cptr == NULL || strcmp (album, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad album : %s\n", cptr) ; + printf (" Bad album : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_LICENSE) ; if (cptr == NULL || strcmp (license, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad license : %s\n", cptr) ; + printf (" Bad license : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_TRACKNUMBER) ; if (cptr == NULL || strcmp (trackno, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad track no. : %s\n", cptr) ; + printf (" Bad track no. : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; break ; } ; @@ -429,7 +431,7 @@ if (cptr == NULL || strcmp (filename, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad filename : %s\n", cptr) ; + printf (" Bad filename : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; if (typemajor != SF_FORMAT_MPEG) @@ -437,14 +439,14 @@ if (cptr == NULL || strcmp (copyright, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad copyright : %s\n", cptr) ; + printf (" Bad copyright : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_SOFTWARE) ; if (cptr == NULL || strstr (cptr, software) != cptr) { if (errors++ == 0) puts ("\n") ; - printf (" Bad software : %s\n", cptr) ; + printf (" Bad software : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; if (cptr && str_count (cptr, "libsndfile") != 1) @@ -459,7 +461,7 @@ if (cptr == NULL || strcmp (id3v1_genre, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad genre : %s\n", cptr) ; + printf (" Bad genre : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; } ; @@ -467,14 +469,14 @@ if (cptr == NULL || strcmp (artist, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad artist : %s\n", cptr) ; + printf (" Bad artist : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; cptr = sf_get_string (file, SF_STR_COMMENT) ; if (cptr == NULL || strcmp (comment, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad comment : %s\n", cptr) ; + printf (" Bad comment : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; switch (typemajor) @@ -488,7 +490,7 @@ if (cptr == NULL || strcmp (year, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad date : %s\n", cptr) ; + printf (" Bad date : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; break ; @@ -497,7 +499,7 @@ if (cptr == NULL || strcmp (date, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad date : %s\n", cptr) ; + printf (" Bad date : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; break ; } ; @@ -507,7 +509,7 @@ if (cptr == NULL || strcmp (album, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad album : %s\n", cptr) ; + printf (" Bad album : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; } ; @@ -524,7 +526,7 @@ if (cptr == NULL || strcmp (license, cptr) != 0) { if (errors++ == 0) puts ("\n") ; - printf (" Bad license : %s\n", cptr) ; + printf (" Bad license : %s\n", NULL_PRINTF_CHECK(cptr)) ; } ; } ; ++++++ libsndfile-CVE-2022-33065.patch ++++++ >From 0754562e13d2e63a248a1c82f90b30bc0ffe307c Mon Sep 17 00:00:00 2001 From: Alex Stewart <alex.stew...@ni.com> Date: Tue, 10 Oct 2023 16:10:34 -0400 Subject: [PATCH] mat4/mat5: fix int overflow in dataend calculation The clang sanitizer warns of a possible signed integer overflow when calculating the `dataend` value in `mat4_read_header()`. ``` src/mat4.c:323:41: runtime error: signed integer overflow: 205 * -100663296 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:41 in src/mat4.c:323:48: runtime error: signed integer overflow: 838860800 * 4 cannot be represented in type 'int' SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior src/mat4.c:323:48 in ``` Cast the offending `rows` and `cols` ints to `sf_count_t` (the type of `dataend` before performing the calculation, to avoid the issue. CVE: CVE-2022-33065 Fixes: https://github.com/libsndfile/libsndfile/issues/789 Fixes: https://github.com/libsndfile/libsndfile/issues/833 Signed-off-by: Alex Stewart <alex.stew...@ni.com> --- src/mat4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mat4.c b/src/mat4.c index 0b1b414b4..575683ba1 100644 --- a/src/mat4.c +++ b/src/mat4.c @@ -320,7 +320,7 @@ mat4_read_header (SF_PRIVATE *psf) psf->filelength - psf->dataoffset, psf->sf.channels * psf->sf.frames * psf->bytewidth) ; } else if ((psf->filelength - psf->dataoffset) > psf->sf.channels * psf->sf.frames * psf->bytewidth) - psf->dataend = psf->dataoffset + rows * cols * psf->bytewidth ; + psf->dataend = psf->dataoffset + (sf_count_t) rows * (sf_count_t) cols * psf->bytewidth ; psf->datalength = psf->filelength - psf->dataoffset - psf->dataend ;
