fix out-of-bounds read in decoder (CVE-2020-0499)

This commit is contained in:
Miroslav Lichvar 2021-01-07 10:32:19 +01:00
parent 6d8487fcd0
commit e697993caa
2 changed files with 26 additions and 0 deletions

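--- a/flac-cve-2020-0499.patch
+++ b/flac-cve-2020-0499.patch
@@ -0,0 +1,23 @@
+commit 2e7931c27eb15e387da440a37f12437e35b22dd4
+Author: Erik de Castro Lopo <erikd@mega-nerd.com>
+Date: Mon Oct 7 12:55:58 2019 +1100
+libFLAC/bitreader.c: Fix out-of-bounds read
+Credit: Oss-Fuzz
+Issue: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=17069
+Testcase: fuzzer_decoder-5670265022840832
+diff --git a/src/libFLAC/bitreader.c b/src/libFLAC/bitreader.c
+index 5e4b5918..3df4d02c 100644
+--- a/src/libFLAC/bitreader.c
++++ b/src/libFLAC/bitreader.c
+@@ -869,7 +869,7 @@ incomplete_lsbs:
+cwords = br->consumed_words;
+words = br->words;
+ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
+- b = br->buffer[cwords] << br->consumed_bits;
++ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
+} while(cwords >= words && val < end);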


@ -25,6 +25,8 @@ BuildRequires: nasm >= 2.0
%endif %endif
BuildRequires: make BuildRequires: make
Patch1: flac-cve-2020-0499.patch
%description %description
FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC FLAC stands for Free Lossless Audio Codec. Grossly oversimplified, FLAC
is similar to Ogg Vorbis, but lossless. The FLAC project consists of is similar to Ogg Vorbis, but lossless. The FLAC project consists of
@ -72,6 +74,7 @@ This is the input plugin for XMMS to be able to read FLAC files.
%prep %prep
%setup -q %setup -q
%patch1 -p1 -b .cve-2020-0499
%build %build
# use our libtool to avoid problems with RPATH # use our libtool to avoid problems with RPATH