From c70f69a90a15590cbfde48e61a42078ad47116a5 Mon Sep 17 00:00:00 2001 From: Miroslav Lichvar Date: Mon, 3 Jun 2013 13:31:09 +0200 Subject: [PATCH] fix memory corruption in metaflac (#969259) --- flac-metaflac_strcat.patch | 29 +++++++++++++++++++++++++++++ flac.spec | 3 +++ 2 files changed, 32 insertions(+) create mode 100644 flac-metaflac_strcat.patch diff --git a/flac-metaflac_strcat.patch b/flac-metaflac_strcat.patch new file mode 100644 index 0000000..78f534e --- /dev/null +++ b/flac-metaflac_strcat.patch @@ -0,0 +1,29 @@ +From 78055800dd8fd2563e9248fcafda81a211fcc4d2 Mon Sep 17 00:00:00 2001 +From: Miroslav Lichvar +Date: Mon, 3 Jun 2013 12:54:59 +0200 +Subject: [PATCH 1/2] metaflac : Fix local_strcat() to terminate string + correctly. + +The NUL char is written at incorrect place when the destination string +is longer than 0, which causes memory corruption. It was broken by +commit 2d6354ff2a618a79d40edbd4f208b4b07c5422f1. +--- + src/metaflac/utils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/metaflac/utils.c b/src/metaflac/utils.c +index 097537b..8a31daa 100644 +--- a/src/metaflac/utils.c ++++ b/src/metaflac/utils.c +@@ -75,7 +75,7 @@ void local_strcat(char **dest, const char *source) + *dest = safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1); + if(0 == *dest) + die("out of memory growing string"); +- safe_strncpy((*dest)+ndest, source, ndest + nsource + 1); ++ safe_strncpy((*dest)+ndest, source, nsource + 1); + } + + static inline int local_isprint(int c) +-- +1.8.1.4 + diff --git a/flac.spec b/flac.spec index 46ee8b0..29f5091 100644 --- a/flac.spec +++ b/flac.spec @@ -17,6 +17,8 @@ BuildRequires: automake autoconf libtool gettext-devel doxygen BuildRequires: nasm >= 2.0 %endif +Patch1: flac-metaflac_strcat.patch + %description FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC is similar to Ogg Vorbis, but lossless. The FLAC project consists of @@ -54,6 +56,7 @@ will use the Free Lossless Audio Codec. %prep %setup -q +%patch1 -p1 -b .metaflac-strcat %build # use our libtool to avoid problems with RPATH