From a82cf137cdd4df2bb1a1f3405adca21ce263aa4f Mon Sep 17 00:00:00 2001
From: penny <pennycng@outlook.com>
Date: Fri, 10 Jan 2025 11:42:54 +0800
Subject: [PATCH] fix for CVE-2018-24599

---
 audiofile.spec                |  7 +++++-
 backport-CVE-2022-24599.patch | 45 +++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2022-24599.patch

diff --git a/audiofile.spec b/audiofile.spec
index 67368dd..b41acf7 100644
--- a/audiofile.spec
+++ b/audiofile.spec
@@ -1,6 +1,6 @@
 Name: audiofile
 Version: 0.3.6
-Release: 28
+Release: 29
 Summary: Library for reading and writing audio files in many common formats
 License: LGPLv2+ and GPLv2+
 URL: http://audiofile.68k.org/
@@ -13,6 +13,7 @@ Patch4: backport-CVE-2017-6829.patch
 Patch5: backport-CVE-2017-6831.patch
 Patch6: backport-CVE-2017-6838.patch
 Patch7: backport-CVE-2017-6839.patch
+Patch8:backport-CVE-2022-24599.patch
 
 BuildRequires: gcc-c++ libtool alsa-lib-devel flac-devel chrpath
 
@@ -82,6 +83,10 @@ chrpath --delete %{buildroot}%{_bindir}/sfconvert
 %{_mandir}/man3/*
 
 %changelog
+* Fri Jan 10 2025 pengjian <pengjian23@mails.ucas.ac.cn> - 0.3.6-29
+- enhances error checking and boundary verification in memory allocation 
+to fix potential security vulnerabilities during audio file analysis.
+
 * Tue Nov 15 2022 dillon chen <dillon.chen@gmail.com> - 0.3.6-28
 - Remove check when flac >= 1.3.4
 
diff --git a/backport-CVE-2022-24599.patch b/backport-CVE-2022-24599.patch
new file mode 100644
index 0000000..18237d0
--- /dev/null
+++ b/backport-CVE-2022-24599.patch
@@ -0,0 +1,45 @@
+diff --git a/sfcommands/printinfo.c b/sfcommands/printinfo.c
+index 60e6947..f5cf925 100644
+--- a/sfcommands/printinfo.c
++++ b/sfcommands/printinfo.c
+@@ -37,6 +37,7 @@
+ #include <stdint.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <limits.h>
+
+ static char *copyrightstring (AFfilehandle file);
+
+@@ -147,7 +148,11 @@ static char *copyrightstring (AFfilehandle file)
+ 	int		i, misccount;
+
+ 	misccount = afGetMiscIDs(file, NULL);
+-	miscids = (int *) malloc(sizeof (int) * misccount);
++	if(!misccount)
++		return NULL;
++	miscids = (int *) calloc(misccount, sizeof(int));
++	if(!miscids)
++		return NULL;
+ 	afGetMiscIDs(file, miscids);
+
+ 	for (i=0; i<misccount; i++)
+@@ -159,13 +164,16 @@ static char *copyrightstring (AFfilehandle file)
+ 			If this code executes, the miscellaneous chunk is a
+ 			copyright chunk.
+ 		*/
+-		int datasize = afGetMiscSize(file, miscids[i]);
+-		char *data = (char *) malloc(datasize);
++		size_t datasize = afGetMiscSize(file, miscids[i]);
++		if(datasize >= INT_MAX -1 ) {
++			goto error;
++		}
++		char *data = (char *) calloc(datasize + 1, 1);
+ 		afReadMisc(file, miscids[i], data, datasize);
+ 		copyright = data;
+ 		break;
+ 	}
+-
++error:
+ 	free(miscids);
+
+ 	return copyright;
-- 
Gitee