!7 Synchronize patches of master branch to LTS-Next

From: @small_leek Reviewed-by: @miao_kaibo Signed-off-by: @miao_kaibo
2020-11-27 17:05:21 +08:00 · 2020-11-27 17:05:21 +08:00 · e69b8b22b4
commit e69b8b22b4
parent 48e5c8dcfa e8c89fb65e
4 changed files with 103 additions and 3 deletions
--- a/CVE-2018-19841.patch
+++ b/CVE-2018-19841.patch
@ -0,0 +1,29 @@
+From bba5389dc598a92bdf2b297c3ea34620b6679b5b Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Thu, 29 Nov 2018 21:53:51 -0800
+Subject: [PATCH] issue #54: fix potential out-of-bounds heap read
+
+---
+ src/open_utils.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 80051fc..4fe0d67 100644
+--- a/src/open_utils.c
+++ b/src/open_utils.c
+@@ -1258,13 +1258,13 @@ int WavpackVerifySingleBlock (unsigned char *buffer, int verify_checksum)
+ #endif
+ 
+             if (meta_bc == 4) {
+-                if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff) || *dp++ != ((csum >> 16) & 0xff) || *dp++ != ((csum >> 24) & 0xff))
+                if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff) || dp[2] != ((csum >> 16) & 0xff) || dp[3] != ((csum >> 24) & 0xff))
+                     return FALSE;
+             }
+             else {
+                 csum ^= csum >> 16;
+ 
+-                if (*dp++ != (csum & 0xff) || *dp++ != ((csum >> 8) & 0xff))
+                if (*dp != (csum & 0xff) || dp[1] != ((csum >> 8) & 0xff))
+                     return FALSE;
+             }
+ 
--- a/fix-memory-leak-on-opening-corrupted-files.patch
+++ b/fix-memory-leak-on-opening-corrupted-files.patch
@ -0,0 +1,21 @@
+commit cba2f967ebcc7e15d0f33e4219a1e04e2a6fc41e
+Author: David Bryant <david@wavpack.com>
+Date:   Sun Dec 8 12:06:19 2019 -0800
+
+    fix possible memory leak on opening corrupted files
+
+diff --git a/src/open_utils.c b/src/open_utils.c
+index 170c6eb..dfb7cf6 100644
+--- a/src/open_utils.c
+++ b/src/open_utils.c
+@@ -177,6 +177,11 @@ WavpackContext *WavpackOpenFileInputEx64 (WavpackStreamReader64 *reader, void *w
+             return WavpackCloseFile (wpc);
+         }
+
+        if (!wps->wphdr.block_samples) {    // free blockbuff if we're going to loop again
+            free (wps->blockbuff);
+            wps->blockbuff = NULL;
+        }
+
+         wps->init_done = TRUE;
+     }
--- a/wavpack-CVE-2019-11498.patch
+++ b/wavpack-CVE-2019-11498.patch
@ -0,0 +1,36 @@
+From bc6cba3f552c44565f7f1e66dc1580189addb2b4 Mon Sep 17 00:00:00 2001
+From: David Bryant <david@wavpack.com>
+Date: Tue, 5 Mar 2019 21:32:27 -0800
+Subject: [PATCH] issue #67: make sure sample rate is specified and non-zero in
+ DFF files
+
+---
+ cli/dsdiff.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/cli/dsdiff.c b/cli/dsdiff.c
+index f357181..193adee 100644
+--- a/cli/dsdiff.c
+++ b/cli/dsdiff.c
+@@ -171,7 +171,7 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+             if (!strncmp (prop_chunk, "SND ", 4)) {
+                 char *cptr = prop_chunk + 4, *eptr = prop_chunk + dff_chunk_header.ckDataSize;
+                 uint16_t numChannels, chansSpecified, chanMask = 0;
+-                uint32_t sampleRate;
+                uint32_t sampleRate = 0;
+ 
+                 while (eptr - cptr >= sizeof (dff_chunk_header)) {
+                     memcpy (&dff_chunk_header, cptr, sizeof (dff_chunk_header));
+@@ -263,6 +263,12 @@ int ParseDsdiffHeaderConfig (FILE *infile, char *infilename, char *fourcc, Wavpa
+             free (prop_chunk);
+         }
+         else if (!strncmp (dff_chunk_header.ckID, "DSD ", 4)) {
+
+            if (!config->num_channels || !config->sample_rate) {
+                error_line ("%s is not a valid .DFF file!", infilename);
+                return WAVPACK_SOFT_ERROR;
+            }
+
+             total_samples = dff_chunk_header.ckDataSize / config->num_channels;
+             break;
+         }
--- a/wavpack.spec
+++ b/wavpack.spec
@ -1,6 +1,6 @@
 Name:           wavpack
 Version:        5.1.0
-Release:        10
+Release:        12
 Summary:        Hybrid Lossless Wavefile Compressor
 License:        BSD
 Url:            http://www.wavpack.com/
@ -10,7 +10,11 @@ Patch0001:      wavpack-0002-issue-28-do-not-overwrite-heap-on-corrupt-DSDIFF-fi
 Patch0002:      wavpack-0003-issue-28-fix-buffer-overflows-and-bad-allocs-on-corr.patch
 Patch0003:      wavpack-0004-issue-33-sanitize-size-of-unknown-chunks-before-mall.patch
 Patch0004:      wavpack-0005-issue-30-issue-31-issue-32-no-multiple-format-chunks.patch
-
+# fix potential out-of-bounds heapo read
+Patch0005:      wavpack-CVE-2019-11498.patch
+# make sure sample rate is specified and non-zero in DFF files       
+Patch0006:      CVE-2018-19841.patch
+Patch0007:      fix-memory-leak-on-opening-corrupted-files.patch
 Patch6000:      CVE-2018-19840.patch

 BuildRequires:  autoconf automake libtool
@ -37,7 +41,7 @@ Buildarch: noarch
 Help document for the wavpack package.

 %prep
-%autosetup -p1
+%autosetup -n %{name}-%{version} -p1

 %build
 autoreconf -ivf
@ -69,5 +73,15 @@ autoreconf -ivf
 %{_mandir}/man1/*.1*

 %changelog
+* Sat May 14 2020 lutianxiong <lutianxiong@huawei.com> - 5.1.0-12
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- Fix memory leak on opening corrupted files 
+
+* Sat Mar 14 2020 wangzhishun <wangzhishun1@huawei.com> - 5.1.0-11
+- Make sure sample rate is specified and non-zero in DFF files
+- Fix potential out-of-bounds heap read 
+
 * Fri Oct 25 2019 Lijin Yang <yanglijin@huawei.com> - 5.1.0-10
 - Package init