void-packages/srcpkgs/libsndfile/patches/CVE-2017-6892.patch

Description: Fix for CVE-2017-6892
Author: Erik de Castro Lopez
Origin: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
Applied-Upstream: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
Last-Update: 2017-06-20
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- libsndfile.orig/src/aiff.c
+++ libsndfile/src/aiff.c
@@ -1905,7 +1905,7 @@
 		psf_binheader_readf (psf, "j", dword - bytesread) ;
 
 	if (map_info->channel_map != NULL)
-	{	size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;
+	{	size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;
 
 		free (psf->channel_map) ;
libsndfile: apply security fixes from upstream fixes: CVE-2017-12562 CVE-2017-14245 CVE-2017-14246 CVE-2017-14634 CVE-2017-6892 CVE-2017-8362 CVE-2017-8363 CVE-2017-8365 CVE-2018-13139 2018-10-02 13:31:20 +02:00			`Description: Fix for CVE-2017-6892`
			`Author: Erik de Castro Lopez`
			`Origin: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748`
			`Applied-Upstream: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748`
			`Last-Update: 2017-06-20`
			`---`
			`This patch header follows DEP-3: http://dep.debian.net/deps/dep3/`
			`--- libsndfile.orig/src/aiff.c`
			`+++ libsndfile/src/aiff.c`
			`@@ -1905,7 +1905,7 @@`
			`psf_binheader_readf (psf, "j", dword - bytesread) ;`

			`if (map_info->channel_map != NULL)`
			`- { size_t chanmap_size = psf->sf.channels * sizeof (psf->channel_map [0]) ;`
			`+ { size_t chanmap_size = SF_MIN (psf->sf.channels, layout_tag & 0xffff) * sizeof (psf->channel_map [0]) ;`

			`free (psf->channel_map) ;`