From c6944a81733995053d21ce3ee76d6193a7eb7a0d Mon Sep 17 00:00:00 2001 From: zhangnaichuan Date: Fri, 7 Mar 2025 09:33:03 +0000 Subject: [PATCH] fix CVE-2024-50612 --- backport-CVE-2024-50612.patch | 53 +++++++++++++++++++++++++++++++++++ libsndfile.spec | 8 +++++- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 backport-CVE-2024-50612.patch diff --git a/backport-CVE-2024-50612.patch b/backport-CVE-2024-50612.patch new file mode 100644 index 0000000..5ab07a2 --- /dev/null +++ b/backport-CVE-2024-50612.patch @@ -0,0 +1,53 @@ +From 274198fd95152b412ada49be059258ec0efca272 Mon Sep 17 00:00:00 2001 +From: Arthur Taylor +Date: Fri, 15 Nov 2024 19:46:53 -0800 +Subject: [PATCH] sec/ogg: better checking for vorbis + +--- + src/ogg_vorbis.c | 16 ++++++++++------ + 1 file changed, 10 insertions(+), 6 deletions(-) + +diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c +index 78acd38..ede7a3d 100644 +--- a/src/ogg_vorbis.c ++++ b/src/ogg_vorbis.c +@@ -423,8 +423,10 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) + * audio data will start on a new page, as per spec + */ + while ((result = ogg_stream_flush (&odata->ostream, &odata->opage)) != 0) +- { psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ; +- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ; ++ { if (psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) < 0) ++ return -1; ++ if (psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) < 0) ++ return -1; + } ; + } + +@@ -435,7 +437,7 @@ static int + vorbis_close (SF_PRIVATE *psf) + { OGG_PRIVATE* odata = psf->container_data ; + VORBIS_PRIVATE *vdata = psf->codec_data ; +- ++ int ret = 0; + if (odata == NULL || vdata == NULL) + return 0 ; + +@@ -445,9 +447,11 @@ vorbis_close (SF_PRIVATE *psf) + if (psf->file.mode == SFM_WRITE) + { + if (psf->write_current <= 0) +- vorbis_write_header (psf, 0) ; +- +- vorbis_analysis_wrote (&vdata->vdsp, 0) ; ++ ret = vorbis_write_header (psf, 0) ; ++ if (ret == 0) ++ { ++ ret = vorbis_analysis_wrote (&vdata->vdsp, 0) ; ++ } + while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) + { + +-- +2.33.0 + diff --git a/libsndfile.spec b/libsndfile.spec index efbfd1b..4818ef9 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,6 +1,6 @@ Name: libsndfile Version: 1.0.28 -Release: 21 +Release: 22 Summary: Library for reading and writing sound files License: LGPLv2+ and GPLv2+ and BSD URL: http://www.mega-nerd.com/libsndfile/ @@ -24,6 +24,7 @@ Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch Patch6007: backport-CVE-2021-3246.patch Patch6008: backport-CVE-2021-4156.patch Patch6009: backport-CVE-2022-33065.patch +Patch6010: backport-CVE-2024-50612.patch %description Libsndfile is a C library for reading and writing files containing @@ -130,6 +131,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog +* Fri Mar 07 2025 zhangnaichuan - 1.0.28-22 +- Type:CVE +- CVE:CVE-2024-50612 +- DESC:fix CVE-2024-50612 + * Thu Dec 21 2023 xuyuchao - 1.0.28-21 - Type:CVE - CVE:CVE-2023-33065 -- Gitee