rpms/flac
6
0
Fork 0
Code Issues Pull Requests Releases Activity

handle end-of-stream when encoding with verification (CVE-2021-0561)

Browse Source 
Resolves: CVE-2021-0561
This commit is contained in:
Miroslav Lichvar 2022-05-05 10:36:22 +02:00
parent 2cb1956f22
commit c5a69e606b
2 changed files with 31 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
flac-cve-2021-0561.patch Normal file
View File

@ -0,0 +1,28 @@
commit e1575e4a7c5157cbf4e4a16dbd39b74f7174c7be
Author: Neelkamal Semwal <neelkamal.semwal@ittiam.com>
Date: Fri Dec 18 22:28:36 2020 +0530
libFlac: Exit at EOS in verify mode
When verify mode is enabled, once decoder flags end of stream,
encode processing is considered complete.
CVE-2021-0561
Signed-off-by: Ralph Giles <giles@thaumas.net>
diff --git a/src/libFLAC/stream_encoder.c b/src/libFLAC/stream_encoder.c
index 4c91247f..7109802c 100644
--- a/src/libFLAC/stream_encoder.c
+++ b/src/libFLAC/stream_encoder.c
@@ -2610,7 +2610,9 @@ FLAC__bool write_bitbuffer_(FLAC__StreamEncoder *encoder, uint32_t samples, FLAC
encoder->private_->verify.needs_magic_hack = true;
}
else {
- if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)) {
+ if(!FLAC__stream_decoder_process_single(encoder->private_->verify.decoder)
+ || (!is_last_block
+ && (FLAC__stream_encoder_get_verify_decoder_state(encoder) == FLAC__STREAM_DECODER_END_OF_STREAM))) {
FLAC__bitwriter_release_buffer(encoder->private_->frame);
FLAC__bitwriter_clear(encoder->private_->frame);
if(encoder->protected_->state != FLAC__STREAM_ENCODER_VERIFY_MISMATCH_IN_AUDIO_DATA)

3
flac.spec
View File

@ -26,6 +26,8 @@ BuildRequires: nasm >= 2.0
BuildRequires: make
Patch1: flac-cve-2020-0499.patch
# handle end-of-stream when encoding with verification
Patch2: flac-cve-2021-0561.patch
%description
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
@ -75,6 +77,7 @@ This is the input plugin for XMMS to be able to read FLAC files.
%prep
%setup -q
%patch1 -p1 -b .cve-2020-0499
%patch2 -p1 -b .cve-2021-0561
%build
# use our libtool to avoid problems with RPATH