libsndfile: fix CVE-2021-4156 heap out-of-bounds read in src/flac.c in flac_buffer_copy

Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc (From OE-Core rev: d922a288f79834d8f1120a4454b97803290e5c36) Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Vivek Kumbhar <vkumbhar@mvista.com> 2023-12-14 16:55:42 +0530
committer: Steve Sakoman <steve@sakoman.com> 2023-12-21 05:17:55 -1000
commit: c7fbe91c2a2db78dd7ba44021ef972ec20da8b3a (patch)
tree: 048ec1ef05a1e6f042865cb0b795a7fde8b0a333
parent: 3eda06c358c313368c25c99e6f8b2635ca4b4bd0 (diff)
download: poky-c7fbe91c2a2db78dd7ba44021ef972ec20da8b3a.tar.gz
2 files changed, 31 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
new file mode 100644
index 0000000000..f7ae82588f
--- /dev/null
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
@@ -0,0 +1,30 @@
+From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
+From: yuan <ssspeed00@gmail.com>
+Date: Tue, 20 Apr 2021 16:16:32 +0800
+Subject: [PATCH] flac: Fix improper buffer reusing (#732)
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc]
+CVE: CVE-2021-4156
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ src/flac.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+diff --git a/src/flac.c b/src/flac.c
+index 0be82ac..4fa5cfa 100644
+--- a/src/flac.c
+++ b/src/flac.c
+@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
+        /* Decode some more. */
+        while (pflac->pos < pflac->len)
+        {       if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
+               {       psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
+                       /* Current frame is busted, so NULL the pointer. */
+                       pflac->frame = NULL ;
+                        break ;
+                       } ;
+                state = FLAC__stream_decoder_get_state (pflac->fsd) ;
+                if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
+                {       psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
+--
+2.40.1
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index 32b678ce90..fb7d94ab75 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -23,6 +23,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
           file://CVE-2021-3246_1.patch \
           file://CVE-2021-3246_2.patch \
           file://CVE-2022-33065.patch \
+           file://CVE-2021-4156.patch \
           "
 SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"
author	Vivek Kumbhar <vkumbhar@mvista.com>	2023-12-14 16:55:42 +0530
committer	Steve Sakoman <steve@sakoman.com>	2023-12-21 05:17:55 -1000
commit	c7fbe91c2a2db78dd7ba44021ef972ec20da8b3a (patch)
tree	048ec1ef05a1e6f042865cb0b795a7fde8b0a333
parent	3eda06c358c313368c25c99e6f8b2635ca4b4bd0 (diff)
download	poky-c7fbe91c2a2db78dd7ba44021ef972ec20da8b3a.tar.gz

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch new file mode 100644 index 0000000000..f7ae82588f --- /dev/null +++ b/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2021-4156.patch
@@ -0,0 +1,30 @@
		1	From ced91d7b971be6173b604154c39279ce90ad87cc Mon Sep 17 00:00:00 2001
		2	From: yuan <ssspeed00@gmail.com>
		3	Date: Tue, 20 Apr 2021 16:16:32 +0800
		4	Subject: [PATCH] flac: Fix improper buffer reusing (#732)
		5
		6	Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/ced91d7b971be6173b604154c39279ce90ad87cc]
		7	CVE: CVE-2021-4156
		8	Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
		9	---
		10	src/flac.c \| 4 ++++
		11	1 file changed, 4 insertions(+)
		12
		13	diff --git a/src/flac.c b/src/flac.c
		14	index 0be82ac..4fa5cfa 100644
		15	--- a/src/flac.c
		16	+++ b/src/flac.c
		17	@@ -952,7 +952,11 @@ flac_read_loop (SF_PRIVATE *psf, unsigned len)
		18	/* Decode some more. */
		19	while (pflac->pos < pflac->len)
		20	{ if (FLAC__stream_decoder_process_single (pflac->fsd) == 0)
		21	+ { psf_log_printf (psf, "FLAC__stream_decoder_process_single returned false\n") ;
		22	+ /* Current frame is busted, so NULL the pointer. */
		23	+ pflac->frame = NULL ;
		24	break ;
		25	+ } ;
		26	state = FLAC__stream_decoder_get_state (pflac->fsd) ;
		27	if (state >= FLAC__STREAM_DECODER_END_OF_STREAM)
		28	{ psf_log_printf (psf, "FLAC__stream_decoder_get_state returned %s\n", FLAC__StreamDecoderStateString [state]) ;
		29	--
		30	2.40.1


diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index 32b678ce90..fb7d94ab75 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -23,6 +23,7 @@ SRC_URI = "http://www.mega-nerd.com/libsndfile/files/libsndfile-${PV}.tar.gz \
23	file://CVE-2021-3246_1.patch \	23	file://CVE-2021-3246_1.patch \
24	file://CVE-2021-3246_2.patch \	24	file://CVE-2021-3246_2.patch \
25	file://CVE-2022-33065.patch \	25	file://CVE-2022-33065.patch \
		26	file://CVE-2021-4156.patch \
26	"	27	"
27		28
28	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"	29	SRC_URI[md5sum] = "646b5f98ce89ac60cdb060fcd398247c"