Hello community,

here is the log from the commit of package libsndfile for openSUSE:Factory checked in at 2018-12-10 12:26:32

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/libsndfile (Old)
 and      /work/SRC/openSUSE:Factory/.libsndfile.new.19453 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libsndfile" Mon Dec 10 12:26:32 2018 rev:57 rq:653853 version:1.0.28 Changes: -------- --- /work/SRC/openSUSE:Factory/libsndfile/libsndfile.changes 2018-11-28 11:09:31.375222654 +0100 +++ /work/SRC/openSUSE:Factory/.libsndfile.new.19453/libsndfile.changes 2018-12-10 12:26:33.946633209 +0100 @@ -1,0 +2,7 @@ +Tue Dec 4 13:42:05 CET 2018 - [email protected] + +- Fix segfault in wav conversion due to the invalid loop count + (CVE-2018-19758, bsc#1117954): + libsndfile-wav-loop-count-fix.patch + +------------------------------------------------------------------- New: ---- libsndfile-wav-loop-count-fix.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libsndfile.spec ++++++ --- /var/tmp/diff_new_pack.kS6361/_old 2018-12-10 12:26:34.650632506 +0100 +++ /var/tmp/diff_new_pack.kS6361/_new 2018-12-10 12:26:34.654632502 +0100 @@ -40,6 +40,8 @@ Patch32: libsndfile-CVE-2017-17456-alaw-range-check.patch Patch33: libsndfile-CVE-2017-17457-ulaw-range-check.patch Patch34: sndfile-deinterlace-channels-check.patch +# not yet upstreamed, CVE-2018-19758, bsc#1117954 +Patch40: libsndfile-wav-loop-count-fix.patch # PATCH-FIX-OPENSUSE Patch100: sndfile-ocloexec.patch BuildRequires: alsa-devel @@ -96,6 +98,7 @@ %patch32 -p1 %patch33 -p1 %patch34 -p1 +%patch40 -p1 %patch100 -p1 %build ++++++ libsndfile-wav-loop-count-fix.patch ++++++ From: Takashi Iwai <[email protected]> Subject: wav: Fix segfault due to invalid loop_count References: CVE-2018-19758, bsc#1117954 The psf->instrument->loop_count can be over the actual loops array size, and it leads to a segfault. Just add the loop size fix to address it. Signed-off-by: Takashi Iwai <[email protected]> --- src/wav.c | 3 +++ 1 file changed, 3 insertions(+) --- a/src/wav.c +++ b/src/wav.c 
@@ -1097,6 +1097,9 @@ wav_write_header (SF_PRIVATE *psf, int c for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++) { int type ; + if (tmp >= ARRAY_LEN (psf->instrument->loops)) + break; + type = psf->instrument->loops [tmp].mode ; type = (type == SF_LOOP_FORWARD ? 0 : type == SF_LOOP_BACKWARD ? 2 : type == SF_LOOP_ALTERNATING ? 1 : 32) ;
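Review bot: The early `break` in the wav_write_header loop stops writing entries at ARRAY_LEN (psf->instrument->loops) but leaves psf->instrument->loop_count itself at the oversized value, so any code that sizes or counts the smpl chunk from loop_count (the chunk length written ahead of this loop is not in the hunk) will disagree with the number of loop records actually emitted, and the over-large count is still accepted silently. Prefer rejecting or clamping loop_count where the instrument is handed to the library, before any header size is derived from it, and consider returning an error instead of truncating; if the loop-local check is kept, clamp the count used for the chunk size to the same bound. Style: the added `break;` drops the space before the semicolon that the surrounding lines use (`int type ;`, `type = psf->instrument->loops [tmp].mode ;`), so it should read `break ;`.

As an added example, not libsndfile's own code: a stand-alone C model of the situation in the patch. It uses an SF_INSTRUMENT-style struct with 16 loop slots (the slot count and the SF_LOOP_* numbering follow the public sndfile.h, everything else here is modelled), rejects an out-of-range loop_count at the setter so the header writer never sees it, and writes a WAV smpl chunk (8-byte chunk header, nine 32-bit sampler fields, 24 bytes per loop) whose size field is derived from the same bounded count that drives the loop. A reader-side check shows how a chunk whose size field and loop count disagree, which is what silently truncating the loop would produce, is detected. The function names, the 1000-loop request and the two sample loops are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ARRAY_LEN(x) ((int) (sizeof (x) / sizeof ((x) [0])))

/* Loop modes, numbered as in libsndfile's public sndfile.h. */
enum { SF_LOOP_NONE = 800, SF_LOOP_FORWARD, SF_LOOP_BACKWARD, SF_LOOP_ALTERNATING } ;

/* Stand-in for SF_INSTRUMENT (modelled, not copied): the caller supplies
 * loop_count, but only 16 loop slots exist behind it. */
typedef struct
{	int loop_count ;
	struct { int mode ; uint32_t start, end, count ; } loops [16] ;
} INSTRUMENT ;

/* Hypothetical setter (the SFC_SET_INSTRUMENT equivalent): refuse any
 * loop_count the fixed array cannot back, so a bad count never reaches the
 * header writer.  Returns 0 on success, -1 on an out-of-range count. */
int instrument_set (INSTRUMENT *dst, const INSTRUMENT *src)
{	if (src->loop_count < 0 || src->loop_count > ARRAY_LEN (src->loops))
		return -1 ;
	*dst = *src ;
	return 0 ;
}

static unsigned char * put_u32le (unsigned char *p, uint32_t v)
{	p [0] = (unsigned char) (v & 0xff) ;
	p [1] = (unsigned char) ((v >> 8) & 0xff) ;
	p [2] = (unsigned char) ((v >> 16) & 0xff) ;
	p [3] = (unsigned char) ((v >> 24) & 0xff) ;
	return p + 4 ;
}

static uint32_t get_u32le (const unsigned char *p)
{	return (uint32_t) p [0] | ((uint32_t) p [1] << 8) | ((uint32_t) p [2] << 16) | ((uint32_t) p [3] << 24) ;
}

/* smpl "type" field from a loop mode, the same mapping the patched loop uses. */
static uint32_t smpl_type (int mode)
{	return mode == SF_LOOP_FORWARD ? 0 : mode == SF_LOOP_BACKWARD ? 2 : mode == SF_LOOP_ALTERNATING ? 1 : 32 ;
}

/* Write a WAV smpl chunk.  The size field and the loop are both driven by
 * the same bounded n, so they cannot disagree.  Returns bytes written, or
 * -1 when loop_count is out of range or buf is too small. */
int write_smpl_chunk (unsigned char *buf, size_t buflen, const INSTRUMENT *inst)
{	int n = inst->loop_count ;
	if (n < 0 || n > ARRAY_LEN (inst->loops))
		return -1 ;
	size_t size = 36 + (size_t) n * 24 ;
	if (buflen < 8 + size)
		return -1 ;
	unsigned char *p = buf ;
	memcpy (p, "smpl", 4) ; p += 4 ;
	p = put_u32le (p, (uint32_t) size) ;
	p = put_u32le (p, 0) ;				/* manufacturer */
	p = put_u32le (p, 0) ;				/* product */
	p = put_u32le (p, 0) ;				/* sample period */
	p = put_u32le (p, 60) ;				/* MIDI unity note */
	p = put_u32le (p, 0) ;				/* MIDI pitch fraction */
	p = put_u32le (p, 0) ;				/* SMPTE format */
	p = put_u32le (p, 0) ;				/* SMPTE offset */
	p = put_u32le (p, (uint32_t) n) ;	/* number of sample loops */
	p = put_u32le (p, 0) ;				/* sampler data bytes */
	for (int i = 0 ; i < n ; i++)
	{	p = put_u32le (p, (uint32_t) i) ;				/* cue point id */
		p = put_u32le (p, smpl_type (inst->loops [i].mode)) ;
		p = put_u32le (p, inst->loops [i].start) ;
		p = put_u32le (p, inst->loops [i].end) ;
		p = put_u32le (p, 0) ;							/* fraction */
		p = put_u32le (p, inst->loops [i].count) ;		/* play count */
		} ;
	return (int) (p - buf) ;
}

/* Reader-side check: the loop count a chunk claims, or -1 when the size
 * field, the loop count field and the bytes present do not agree.  A writer
 * that sized the chunk from an unclamped count and then broke out of its
 * loop early would fail this. */
int smpl_chunk_loops (const unsigned char *buf, size_t len)
{	if (len < 8 + 36 || memcmp (buf, "smpl", 4) != 0)
		return -1 ;
	uint32_t size = get_u32le (buf + 4) ;
	uint32_t loops = get_u32le (buf + 8 + 7 * 4) ;
	if (size < 36 || (size - 36) % 24 != 0 || (size - 36) / 24 != loops)
		return -1 ;
	if (len < 8 + (size_t) size)
		return -1 ;
	return (int) loops ;
}

/* Constructed request with loop_count far beyond the 16 slots: returns the
 * setter's verdict (-1). */
int example_reject (void)
{	INSTRUMENT req, inst ;
	memset (&req, 0, sizeof req) ;
	req.loop_count = 1000 ;
	return instrument_set (&inst, &req) ;
}

/* Constructed two-loop instrument written and read back: returns the loop
 * count the reader recovers (2), or -1 if any step fails. */
int example_roundtrip (void)
{	INSTRUMENT req, inst ;
	unsigned char buf [8 + 36 + 16 * 24] ;
	memset (&req, 0, sizeof req) ;
	req.loop_count = 2 ;
	req.loops [0].mode = SF_LOOP_FORWARD ;     req.loops [0].start = 0 ;    req.loops [0].end = 999 ;  req.loops [0].count = 0 ;
	req.loops [1].mode = SF_LOOP_ALTERNATING ; req.loops [1].start = 1000 ; req.loops [1].end = 1999 ; req.loops [1].count = 4 ;
	if (instrument_set (&inst, &req) != 0)
		return -1 ;
	int n = write_smpl_chunk (buf, sizeof buf, &inst) ;
	if (n < 0)
		return -1 ;
	return smpl_chunk_loops (buf, (size_t) n) ;
}

int main (void)
{	printf ("loop_count=1000 at the setter -> %d\n", example_reject ()) ;
	printf ("two-loop smpl chunk round trip -> %d loops\n", example_roundtrip ()) ;
	return 0 ;
}
```

The point of doing the check in instrument_set rather than in the writer loop is that every consumer of loop_count (size computation, the loop itself, any other format's header writer) sees a value that is already in range, so no single writer has to remember to bound it.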
