[arch-commits] CVS update of extra/lib/libsndfile (PKGBUILD flac-buffer-overflow.patch)

Tobias Powalowski tpowa at archlinux.org
Sun Sep 30 11:09:36 UTC 2007


    Date: Sunday, September 30, 2007 @ 07:09:36
  Author: tpowa
    Path: /home/cvs-extra/extra/lib/libsndfile

   Added: flac-buffer-overflow.patch (1.1)
Modified: PKGBUILD (1.10 -> 1.11)

'upgpkg: added security fix'


----------------------------+
 PKGBUILD                   |   14 +++++++++-----
 flac-buffer-overflow.patch |   40 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 5 deletions(-)


Index: extra/lib/libsndfile/PKGBUILD
diff -u extra/lib/libsndfile/PKGBUILD:1.10 extra/lib/libsndfile/PKGBUILD:1.11
--- extra/lib/libsndfile/PKGBUILD:1.10	Sun Mar 11 04:06:10 2007
+++ extra/lib/libsndfile/PKGBUILD	Sun Sep 30 07:09:36 2007
@@ -1,23 +1,27 @@
-# $Id: PKGBUILD,v 1.10 2007/03/11 08:06:10 tpowa Exp $
+# $Id: PKGBUILD,v 1.11 2007/09/30 11:09:36 tpowa Exp $
 # Maintainer: Arjan Timmerman <arjan at archlinux.org>
 # Contributor: Tom Newsom <Jeepster at gmx.co.uk>
 pkgname=libsndfile
 pkgver=1.0.17
-pkgrel=1
-options="NOLIBTOOL"
+pkgrel=2
+options=(!libtool)
 pkgdesc="a C library for reading and writing files containing sampled sound"
 arch=(i686 x86_64)
 url="http://www.mega-nerd.com/libsndfile"
 depends=('alsa-lib' 'flac>=1.1.4')
-source=(http://www.mega-nerd.com/libsndfile/$pkgname-$pkgver.tar.gz flac-1.1.4.patch)
+source=(http://www.mega-nerd.com/libsndfile/$pkgname-$pkgver.tar.gz flac-1.1.4.patch flac-buffer-overflow.patch)
 md5sums=('2d126c35448503f6dbe33934d9581f6b' '87efbec75b3321e4a015ad2dfc3ee965')
 
 build() {
   cd $startdir/src/$pkgname-$pkgver
-  patch -Np1 -i ../flac-1.1.4.patch
+  patch -Np1 -i ../flac-1.1.4.patch || return 1
+  patch -Np1 -i ../flac-buffer-overflow.patch || return 1
   aclocal
   automake
   ./configure --prefix=/usr --disable-sqlite
   make || return 1
   make DESTDIR=$startdir/pkg install
 }
+md5sums=('2d126c35448503f6dbe33934d9581f6b'
+         '87efbec75b3321e4a015ad2dfc3ee965'
+         '6cd2ad05491221f1d3a0e3e5131a5642')
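Review bot: The two-entry `md5sums=(...)` line kept above build() is now stale, because `source` lists three files and the matching three-entry array is only appended after build(). Since the PKGBUILD is sourced as shell, the later assignment wins, but the file now carries two conflicting definitions. Delete the old line and keep a single array next to `source`, so that a reader or tool looking at the first definition does not conclude the security patch has no checksum. Separately, `aclocal`, `automake`, `./configure` and `make DESTDIR=$startdir/pkg install` still lack `|| return 1`, so a failure in those steps would not stop the build the way the two patch steps now do.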
Index: extra/lib/libsndfile/flac-buffer-overflow.patch
diff -u /dev/null extra/lib/libsndfile/flac-buffer-overflow.patch:1.1
--- /dev/null	Sun Sep 30 07:09:36 2007
+++ extra/lib/libsndfile/flac-buffer-overflow.patch	Sun Sep 30 07:09:36 2007
@@ -0,0 +1,40 @@
+Index: libsndfile-1.0.17/src/flac.c
+===================================================================
+--- libsndfile-1.0.17.orig/src/flac.c
++++ libsndfile-1.0.17/src/flac.c
+@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf)
+ ** Private static functions.
+ */
+ 
+-#define ENC_BUFFER_SIZE 4096
++#define ENC_BUFFER_SIZE 8192
+ 
+ typedef enum
+ {	PFLAC_PCM_SHORT = 0,
+@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 	const FLAC__int32* const *buffer = pflac->wbuffer ;
+ 	unsigned i = 0, j, offset ;
+ 
++	/*
++	**	frame->header.blocksize is variable and we're using a constant blocksize
++	**	of FLAC__MAX_BLOCK_SIZE.
++	**	Check our assumptions here.
++	*/
++	if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
++	{	psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
++		psf->error = SFE_INTERNAL ;
++		return 0 ;
++		} ;
++
+ 	if (pflac->ptr == NULL)
+ 	{	/*
+ 		**	Not sure why this code is here and not elsewhere.
+@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ 		pflac->bufferbackup = SF_TRUE ;
+ 		for (i = 0 ; i < frame->header.channels ; i++)
+ 		{	if (pflac->rbuffer [i] == NULL)
+-				pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
++				pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
+ 			memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
+ 			} ;
+ 		pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;
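Review bot: The added `psf_log_printf` call passes four arguments (`__func__`, `__LINE__`, `frame->header.blocksize`, `FLAC__MAX_BLOCK_SIZE`) to a format string with only two `%d` conversions, so the first `%d` is fed a string pointer and the two block sizes never reach the log. Either drop `__func__, __LINE__` or change the format to `"%s line %d : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n"`, assuming psf_log_printf handles `%s` as printf does. In the last inner hunk the result of `calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32))` still goes straight into `memcpy`; a NULL check that sets `psf->error` and returns 0, as the new blocksize guard does, would keep an allocation failure from becoming a NULL write. The loop bound `frame->header.channels` also comes from the frame header and is not compared with the capacity of `pflac->rbuffer`, whose declaration is not visible here, so that limit should be confirmed. The body of flac_buffer_copy starts and ends outside these hunks.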



