From 6d7431fd0f0327b2696ca10784c35df5d365f32d Mon Sep 17 00:00:00 2001
From: ctl-ly
Date: Thu, 29 Dec 2022 09:57:18 +0800
Subject: [PATCH 1/2] Fix
---
0003-Fix-memory-leak-in-caf_read_header.patch | 116 ++++++++++++++++++
libsndfile.spec | 9 +-
2 files changed, 124 insertions(+), 1 deletion(-)
create mode 100644 0003-Fix-memory-leak-in-caf_read_header.patch
diff --git a/0003-Fix-memory-leak-in-caf_read_header.patch b/0003-Fix-memory-leak-in-caf_read_header.patch
new file mode 100644
index 0000000..77c2cd8
--- /dev/null
+++ b/0003-Fix-memory-leak-in-caf_read_header.patch
@@ -0,0 +1,116 @@
+From c0257203fffceb23548feb8868b469dd8e7cb3b2 Mon Sep 17 00:00:00 2001
+From: ctl-ly
+Date: Thu, 29 Dec 2022 09:52:51 +0800
+Subject: [PATCH] Fix memory leak in caf_read_header
+
+---
+ ChangeLog | 26 ++++++++++++++++++++++++++
+ Makefile.am | 2 +-
+ docs/index.md | 2 +-
+ include/sndfile.h.in | 4 ++--
+ src/caf.c | 7 +++++++
+ 5 files changed, 37 insertions(+), 4 deletions(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 3843688..b1386ce 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,29 @@
+ For changes, please see the git commit history on github:
+
+ https://github.com/libsndfile/libsndfile/commits/master
++
++# Changelog
++
++All notable changes to this project will be documented in this file.
++
++The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
++and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
++
++## [Unreleased]
++
++### Added
++
++* This `CHANGELOG.md`. All notable changes to this project will be documented in
++this file. The old `NEWS` file has been renamed to `NEWS.OLD` and is no longer
++updated.
++
++### Changed
++* `SFC_SET_DITHER_ON_READ` and `SFC_SET_DITHER_ON_WRITE` enums comments in
++public header (#677).
++
++### Fixed
++
++* Typo in `docs/index.md`.
++* Memory leak in `caf_read_header`(), credit to OSS-Fuzz ([issue 30375](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30375)).
++
++[Unreleased]: https://github.com/libsndfile/libsndfile/compare/1.0.31...HEAD
+diff --git a/Makefile.am b/Makefile.am
+index 0b8bfa1..13ead22 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -13,7 +13,7 @@ endif
+ endif
+
+ EXTRA_DIST = libsndfile.spec.in sndfile.pc.in Scripts/android-configure.sh \
+- Scripts/linux-to-win-cross-configure.sh \
++ NEWS.OLD CHANGELOG.md Scripts/linux-to-win-cross-configure.sh \
+ CMakeLists.txt $(cmake_files) Win32
+
+ cmake_files = cmake/ClipMode.cmake cmake/FindFLAC.cmake \
+diff --git a/docs/index.md b/docs/index.md
+index 3779fdf..ee6bd07 100644
+--- a/docs/index.md
++++ b/docs/index.md
+@@ -194,7 +194,7 @@ long as you abide by [the license](http://www.gnu.org/copyleft/lesser.html).
+ Check latest version on
+ [GitHub Releases page](https://github.com/libsndfile/libsndfile/releases/).
+
+-Binatries and source packages are signed by current releaser David Seifert aka
++Binaries and source packages are signed by current releaser David Seifert aka
+ @SoapGentoo. You can verify signatures with his public GPG key:
+
+ ```
+diff --git a/include/sndfile.h.in b/include/sndfile.h.in
+index 917ff4b..970fb26 100644
+--- a/include/sndfile.h.in
++++ b/include/sndfile.h.in
+@@ -173,6 +173,7 @@ enum
+
+ SFC_SET_RAW_START_OFFSET = 0x1090,
+
++ /* Commands reserved for dithering, which is not implemented. */
+ SFC_SET_DITHER_ON_WRITE = 0x10A0,
+ SFC_SET_DITHER_ON_READ = 0x10A1,
+
+@@ -386,8 +387,7 @@ typedef struct
+
+ /*
+ ** Enums and typedefs for adding dither on read and write.
+-** See the html documentation for sf_command(), SFC_SET_DITHER_ON_WRITE
+-** and SFC_SET_DITHER_ON_READ.
++** Reserved for future implementation.
+ */
+
+ enum
+diff --git a/src/caf.c b/src/caf.c
+index 45b1dba..a4128b6 100644
+--- a/src/caf.c
++++ b/src/caf.c
+@@ -416,6 +416,13 @@ caf_read_header (SF_PRIVATE *psf)
+ return SFE_CAF_BAD_PEAK ;
+ } ;
+
++ if (psf->peak_info)
++ { psf_log_printf (psf, "*** Found existing peak info, using last one.\n") ;
++ free (psf->peak_info) ;
++ psf->peak_info = NULL ;
++ } ;
++
++
+ if ((psf->peak_info = peak_info_calloc (psf->sf.channels)) == NULL)
+ return SFE_MALLOC_FAILED ;
+
+--
+2.27.0
+
diff --git a/libsndfile.spec b/libsndfile.spec
index 1d869da..b11ecc7 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
@@ -1,6 +1,6 @@ Name: libsndfile Version: 1.0.31 -Release: 2 +Release: 3 Summary: Library for reading and writing sound files License: LGPLv2+ and GPLv2+ and BSD URL: http://libsndfile.github.io/libsndfile
@@ -12,6 +12,7 @@ BuildRequires: sqlite-devel Patch1: 0001-CVE-2021-3246.patch Patch2: 0002-CVE-2021-4156.patch +Patch3: 0003-Fix-memory-leak-in-caf_read_header.patch %description Libsndfile is a C library for reading and writing files containing
@@ -116,6 +117,12 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog +Wed Dec 28 2022 liying - 1.0.31-3 +- Marked unimplemented dither enums in the header file as such. +- Fix typo +- Add Changelog.md +- Fix memory leak in caf_read_header + * Mon May 16 2022 zhouwenpei - 1.0.31-2 - fix CVE-2021-4156 -- Gitee
From b0efc06734e4e614387f34926765c5fbbdfd4999 Mon Sep 17 00:00:00 2001
From: ctl-ly
Date: Thu, 29 Dec 2022 10:06:36 +0800
Subject: [PATCH 2/2] fix
---
libsndfile.spec | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsndfile.spec b/libsndfile.spec
index b11ecc7..6b761d3 100644
--- a/libsndfile.spec
+++ b/libsndfile.spec
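Review bot: Only the `src/caf.c` hunk of the embedded patch fixes the leak; the other four files it touches (`ChangeLog`, `Makefile.am`, `docs/index.md`, `include/sndfile.h.in`) are unrelated, and the `Makefile.am` line adds `NEWS.OLD CHANGELOG.md` to `EXTRA_DIST` although the diffstat creates neither file. Trimming `0003-Fix-memory-leak-in-caf_read_header.patch` to the seven lines added before `peak_info_calloc` would make this backport of a fix for parser input easier to audit and to rebase. The embedded header carries the same `From: ctl-ly` as the packaging commit and no upstream reference, so I would add a line such as `Reference: <upstream commit URL>` under the subject to keep its provenance checkable. caf_read_header starts and ends outside the hunk, so whether its other allocations need the same free-before-allocate guard cannot be judged from here.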
@@ -117,7 +117,7 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog -Wed Dec 28 2022 liying - 1.0.31-3 +* Wed Dec 28 2022 liying - 1.0.31-3 - Marked unimplemented dither enums in the header file as such. - Fix typo - Add Changelog.md -- Gitee