From 886a111ea13fe21707983d3475283d05af6cf18e Mon Sep 17 00:00:00 2001
From: chenjianhu
Date: Wed, 2 Jul 2025 13:10:02 +0800
Subject: [PATCH 1/2] fix CVE-2024-50612
---
libsndfile-1.0.28-CVE-2024-50612.patch | 335 +++++++++++++++++++++++++
libsndfile.spec | 10 +-
2 files changed, 343 insertions(+), 2 deletions(-)
create mode 100644 libsndfile-1.0.28-CVE-2024-50612.patch
diff --git a/libsndfile-1.0.28-CVE-2024-50612.patch b/libsndfile-1.0.28-CVE-2024-50612.patch
new file mode 100644
index 0000000..340d6b8
--- /dev/null
+++ b/libsndfile-1.0.28-CVE-2024-50612.patch
@@ -0,0 +1,335 @@ +diff -Nur a/src/ogg.c b/src/ogg.c +--- a/src/ogg.c 2017-04-01 15:18:02.000000000 +0800 ++++ b/src/ogg.c 2025-06-30 17:21:55.359316837 +0800 +@@ -45,6 +45,20 @@ + static int ogg_page_classify (SF_PRIVATE * psf, const ogg_page * og) ; + + int ++ogg_write_page (SF_PRIVATE *psf, ogg_page *page) ++{ int n ; ++ ++ n = psf_fwrite (page->header, 1, page->header_len, psf) ; ++ if (n == page->header_len) ++ n += psf_fwrite (page->body, 1, page->body_len, psf) ; ++ ++ if (n != page->body_len + page->header_len) ++ return -1 ; ++ ++ return n ; ++} /* ogg_write_page */ ++ ++int + ogg_open (SF_PRIVATE *psf) + { OGG_PRIVATE* odata = calloc (1, sizeof (OGG_PRIVATE)) ; + sf_count_t pos = psf_ftell (psf) ; +diff -Nur a/src/ogg.h b/src/ogg.h +--- a/src/ogg.h 2016-05-13 06:52:55.000000000 +0800 ++++ b/src/ogg.h 2025-06-30 17:22:25.921159657 +0800 +@@ -41,6 +41,11 @@ + int codec ; + } OGG_PRIVATE ; + ++/* ++** Write the whole Ogg page out. Convenience function as the ogg_page struct ++** splits header and body data into separate buffers. 
++*/ ++int ogg_write_page (SF_PRIVATE *, ogg_page *) ; + + #define readint(buf, base) (((buf [base + 3] << 24) & 0xff000000) | \ + ((buf [base + 2] <<16) & 0xff0000) | \ +diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c +--- a/src/ogg_vorbis.c 2017-04-01 15:18:02.000000000 +0800 ++++ b/src/ogg_vorbis.c 2025-07-01 18:13:54.394002685 +0800 +@@ -76,24 +76,6 @@ + + #include "ogg.h" + +-typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ; +- +-static int vorbis_read_header (SF_PRIVATE *psf, int log_data) ; +-static int vorbis_write_header (SF_PRIVATE *psf, int calc_length) ; +-static int vorbis_close (SF_PRIVATE *psf) ; +-static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ; +-static int vorbis_byterate (SF_PRIVATE *psf) ; +-static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ; +-static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ; +-static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ; +-static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ; +-static sf_count_t vorbis_length (SF_PRIVATE *psf) ; + + typedef struct + { int id ; +@@ -129,6 +111,42 @@ + double quality ; + } VORBIS_PRIVATE ; + ++typedef int convert_func (SF_PRIVATE *psf, int, void *, int, int, float **) ; ++ ++static int vorbis_read_header (SF_PRIVATE *psf, int log_data) ; ++static int vorbis_write_header (SF_PRIVATE 
*psf, int calc_length) ; ++static int vorbis_close (SF_PRIVATE *psf) ; ++static int vorbis_command (SF_PRIVATE *psf, int command, void *data, int datasize) ; ++static int vorbis_byterate (SF_PRIVATE *psf) ; ++static sf_count_t vorbis_seek (SF_PRIVATE *psf, int mode, sf_count_t offset) ; ++static sf_count_t vorbis_read_s (SF_PRIVATE *psf, short *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_i (SF_PRIVATE *psf, int *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_f (SF_PRIVATE *psf, float *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t len) ; ++static sf_count_t vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t len) ; ++static sf_count_t vorbis_read_sample (SF_PRIVATE *psf, void *ptr, sf_count_t lens, convert_func *transfn) ; ++static int vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) ; ++static sf_count_t vorbis_length (SF_PRIVATE *psf) ; ++static void vorbis_log_error (SF_PRIVATE *psf, int error) ; ++ ++ ++static void ++vorbis_log_error(SF_PRIVATE *psf, int error) { ++ switch (error) ++ { case 0: return; ++ case OV_EIMPL: psf->error = SFE_UNIMPLEMENTED ; break ; ++ case OV_ENOTVORBIS: psf->error = SFE_MALFORMED_FILE ; break ; ++ case OV_EBADHEADER: psf->error = SFE_MALFORMED_FILE ; break ; ++ case OV_EVERSION: psf->error = SFE_UNSUPPORTED_ENCODING ; break ; ++ case OV_EFAULT: ++ case OV_EINVAL: ++ default: psf->error = SFE_INTERNAL ; ++ } ; ++} ; ++ + static int + vorbis_read_header (SF_PRIVATE *psf, int log_data) + { +@@ -422,10 +440,11 @@ + /* This ensures the actual + * audio data will start on a new page, as per spec + */ +- while ((result = ogg_stream_flush 
(&odata->ostream, &odata->opage)) != 0) +- { psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ; +- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ; +- } ; ++ while (ogg_stream_flush (&odata->ostream, &odata->opage)) ++ { ++ if (ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; ++ } + } + + return 0 ; +@@ -435,6 +454,7 @@ + vorbis_close (SF_PRIVATE *psf) + { OGG_PRIVATE* odata = psf->container_data ; + VORBIS_PRIVATE *vdata = psf->codec_data ; ++ int ret = 0 ; + + if (odata == NULL || vdata == NULL) + return 0 ; +@@ -445,35 +465,14 @@ + if (psf->file.mode == SFM_WRITE) + { + if (psf->write_current <= 0) +- vorbis_write_header (psf, 0) ; +- +- vorbis_analysis_wrote (&vdata->vdsp, 0) ; +- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) +- { +- +- /* analysis, assume we want to use bitrate management */ +- vorbis_analysis (&vdata->vblock, NULL) ; +- vorbis_bitrate_addblock (&vdata->vblock) ; +- +- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) +- { /* weld the packet into the bitstream */ +- ogg_stream_packetin (&odata->ostream, &odata->opacket) ; +- +- /* write out pages (if any) */ +- while (!odata->eos) +- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ; +- if (result == 0) break ; +- psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ; +- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ; +- +- /* this could be set above, but for illustrative purposes, I do +- it here (to show that vorbis does know where the stream ends) */ ++ ret = vorbis_write_header (psf, 0) ; + +- if (ogg_page_eos (&odata->opage)) odata->eos = 1 ; +- } +- } +- } +- } ++ if (ret == 0) ++ { /* A write of zero samples tells Vorbis the stream is done and to ++ flush. */ ++ ret = vorbis_write_samples (psf, odata, vdata, 0) ; ++ } ; ++ } ; + + /* ogg_page and ogg_packet structs always point to storage in + libvorbis. 
They are never freed or manipulated directly */ +@@ -483,7 +482,7 @@ + vorbis_comment_clear (&vdata->vcomment) ; + vorbis_info_clear (&vdata->vinfo) ; + +- return 0 ; ++ return ret ; + } /* vorbis_close */ + + int +@@ -752,34 +751,40 @@ + /*============================================================================== + */ + +-static void ++static int + vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata, int in_frames) +-{ +- vorbis_analysis_wrote (&vdata->vdsp, in_frames) ; ++{ int ret ; ++ ++ if ((ret = vorbis_analysis_wrote (&vdata->vdsp, in_frames)) != 0) ++ return ret ; + + /* + ** Vorbis does some data preanalysis, then divvies up blocks for + ** more involved (potentially parallel) processing. Get a single + ** block for encoding now. + */ +- while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) ++ while ((ret = vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock)) == 1) + { + /* analysis, assume we want to use bitrate management */ +- vorbis_analysis (&vdata->vblock, NULL) ; +- vorbis_bitrate_addblock (&vdata->vblock) ; ++ if ((ret = vorbis_analysis (&vdata->vblock, NULL)) != 0) ++ return ret ; ++ if ((ret = vorbis_bitrate_addblock (&vdata->vblock)) != 0) ++ return ret ; + +- while (vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) ++ while ((ret = vorbis_bitrate_flushpacket (&vdata->vdsp, &odata->opacket)) == 1) + { + /* weld the packet into the bitstream */ +- ogg_stream_packetin (&odata->ostream, &odata->opacket) ; ++ if ((ret = ogg_stream_packetin (&odata->ostream, &odata->opacket)) != 0) ++ return ret ; + + /* write out pages (if any) */ + while (!odata->eos) +- { int result = ogg_stream_pageout (&odata->ostream, &odata->opage) ; +- if (result == 0) ++ { ret = ogg_stream_pageout (&odata->ostream, &odata->opage) ; ++ if (ret == 0) + break ; +- psf_fwrite (odata->opage.header, 1, odata->opage.header_len, psf) ; +- psf_fwrite (odata->opage.body, 1, odata->opage.body_len, psf) ; ++ ++ if 
(ogg_write_page (psf, &odata->opage) < 0) ++ return -1 ; + + /* This could be set above, but for illustrative purposes, I do + ** it here (to show that vorbis does know where the stream ends) */ +@@ -787,16 +792,22 @@ + odata->eos = 1 ; + } ; + } ; ++ if (ret != 0) ++ return ret ; + } ; ++ if (ret != 0) ++ return ret ; + + vdata->loc += in_frames ; ++ ++ return 0 ; + } /* vorbis_write_data */ + + + static sf_count_t + vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens) + { +- int i, m, j = 0 ; ++ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -805,14 +816,17 @@ + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) (ptr [j++]) / 32767.0f ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames))) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_s */ + + static sf_count_t + vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -821,14 +835,17 @@ + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames))) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_i */ + + static sf_count_t + vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / 
psf->sf.channels ; +@@ -837,14 +854,17 @@ + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = ptr [j++] ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_f */ + + static sf_count_t + vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens) +-{ int i, m, j = 0 ; ++{ int i, m, j = 0, ret ; + OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; + VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; + int in_frames = lens / psf->sf.channels ; +@@ -853,7 +873,10 @@ + for (m = 0 ; m < psf->sf.channels ; m++) + buffer [m][i] = (float) ptr [j++] ; + +- vorbis_write_samples (psf, odata, vdata, in_frames) ; ++ if ((ret = vorbis_write_samples (psf, odata, vdata, in_frames)) != 0) ++ { vorbis_log_error (psf, ret) ; ++ return 0 ; ++ } ; + + return lens ; + } /* vorbis_write_d */ diff --git a/libsndfile.spec b/libsndfile.spec index 5dbca71..959112b 100644 --- a/libsndfile.spec +++ b/libsndfile.spec @@ -1,6 +1,6 @@ Name: libsndfile Version: 1.0.28 -Release: 22 +Release: 23 Summary: Library for reading and writing sound files License: LGPLv2+ and GPLv2+ and BSD URL: http://www.mega-nerd.com/libsndfile/ @@ -23,7 +23,8 @@ Patch6005: libsndfile-1.0.28-CVE-2017-14634.patch Patch6006: libsndfile-1.0.28-CVE-2017-8362.patch Patch6007: backport-CVE-2021-3246.patch Patch6008: backport-CVE-2021-4156.patch -Patch6009: backport-CVE-2022-33065.patch +Patch6009: backport-CVE-2022-33065.patch +Patch6010: libsndfile-1.0.28-CVE-2024-50612.patch %description Libsndfile is a C library for reading and writing files containing 
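Review bot: The new error path in `vorbis_write_samples` has no documented return contract and mixes two meanings: it returns -1 when `ogg_write_page` reports a short write, and otherwise passes through whatever non-zero code the libvorbis/libogg calls gave it. The four `vorbis_write_*` callers feed either value to `vorbis_log_error`, whose switch names only OV_* codes, so a failed page write ends in `default` as `SFE_INTERNAL` and replaces anything `psf_fwrite` may already have recorded (not visible here). `vorbis_close` returns the same `ret` without that mapping, so it hands back a raw library code where the write paths set an SFE_* value; whether its caller reads the value as an SFE_* code cannot be seen from this patch. I would add a header comment on `vorbis_write_samples`, `/* Returns 0 on success, else a non-zero libvorbis/libogg code or -1 if a page could not be written. */`, and one on `vorbis_log_error` stating that it only sets `psf->error` and logs nothing. The bodies of `vorbis_close` and the `vorbis_write_*` functions extend beyond the inner hunks shown.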
@@ -130,6 +131,11 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog +* Tue July 1 2025 chenjianhu - 1.0.28-23 +- Type:CVE +- CVE:CVE-2024-50612 +- DESC:fix CVE-2024-50612 + * Mon Nov 4 2024 yinzeqiang - 1.0.28-22 - Modify the wrong CVE number in Changelog -- Gitee From 1881b61c1654ef7e42ca932d572a741b45bb653d Mon Sep 17 00:00:00 2001 From: chenjianhu Date: Fri, 11 Jul 2025 01:29:08 +0800 Subject: [PATCH 2/2] fix CVE-2024-50612 --- libsndfile-1.0.28-CVE-2024-50612.patch | 73 ++++++++++++++++---------- libsndfile.spec | 2 +- 2 files changed, 46 insertions(+), 29 deletions(-) diff --git a/libsndfile-1.0.28-CVE-2024-50612.patch b/libsndfile-1.0.28-CVE-2024-50612.patch index 340d6b8..b203aea 100644 --- a/libsndfile-1.0.28-CVE-2024-50612.patch +++ b/libsndfile-1.0.28-CVE-2024-50612.patch @@ -1,10 +1,23 @@ -diff -Nur a/src/ogg.c b/src/ogg.c ---- a/src/ogg.c 2017-04-01 15:18:02.000000000 +0800 -+++ b/src/ogg.c 2025-06-30 17:21:55.359316837 +0800 -@@ -45,6 +45,20 @@ +From 185322ffa8ae08785d469a26ece741dd518ec3e9 Mon Sep 17 00:00:00 2001 +From: chenjianhu +Date: Thu, 10 Jul 2025 19:51:55 +0800 +Subject: [PATCH] fix CVE-2024-50612 + +--- + src/ogg.c | 14 ++++ + src/ogg.h | 5 ++ + src/ogg_vorbis.c | 165 +++++++++++++++++++++++++++-------------------- + 3 files changed, 113 insertions(+), 71 deletions(-) + +diff --git a/src/ogg.c b/src/ogg.c +index 0856f77..d84d557 100644 +--- a/src/ogg.c ++++ b/src/ogg.c +@@ -44,6 +44,20 @@ static int ogg_close (SF_PRIVATE *psf) ; + static int ogg_stream_classify (SF_PRIVATE *psf, OGG_PRIVATE * odata) ; static int ogg_page_classify (SF_PRIVATE * psf, const ogg_page * og) ; - int ++int +ogg_write_page (SF_PRIVATE *psf, ogg_page *page) +{ int n ; + 
@@ -18,14 +31,14 @@ diff -Nur a/src/ogg.c b/src/ogg.c + return n ; +} /* ogg_write_page */ + -+int + int ogg_open (SF_PRIVATE *psf) { OGG_PRIVATE* odata = calloc (1, sizeof (OGG_PRIVATE)) ; - sf_count_t pos = psf_ftell (psf) ; -diff -Nur a/src/ogg.h b/src/ogg.h ---- a/src/ogg.h 2016-05-13 06:52:55.000000000 +0800 -+++ b/src/ogg.h 2025-06-30 17:22:25.921159657 +0800 -@@ -41,6 +41,11 @@ +diff --git a/src/ogg.h b/src/ogg.h +index 88544bb..adaa31c 100644 +--- a/src/ogg.h ++++ b/src/ogg.h +@@ -41,6 +41,11 @@ typedef struct int codec ; } OGG_PRIVATE ; @@ -37,9 +50,10 @@ diff -Nur a/src/ogg.h b/src/ogg.h #define readint(buf, base) (((buf [base + 3] << 24) & 0xff000000) | \ ((buf [base + 2] <<16) & 0xff0000) | \ -diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c ---- a/src/ogg_vorbis.c 2017-04-01 15:18:02.000000000 +0800 -+++ b/src/ogg_vorbis.c 2025-07-01 18:13:54.394002685 +0800 +diff --git a/src/ogg_vorbis.c b/src/ogg_vorbis.c +index 78acd38..5cde25d 100644 +--- a/src/ogg_vorbis.c ++++ b/src/ogg_vorbis.c @@ -76,24 +76,6 @@ #include "ogg.h" @@ -65,7 +79,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c typedef struct { int id ; -@@ -129,6 +111,42 @@ +@@ -129,6 +111,42 @@ typedef struct double quality ; } VORBIS_PRIVATE ; @@ -108,7 +122,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c static int vorbis_read_header (SF_PRIVATE *psf, int log_data) { -@@ -422,10 +440,11 @@ +@@ -422,10 +440,11 @@ vorbis_write_header (SF_PRIVATE *psf, int UNUSED (calc_length)) /* This ensures the actual * audio data will start on a new page, as per spec */ @@ -124,7 +138,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c } return 0 ; -@@ -435,6 +454,7 @@ +@@ -435,6 +454,7 @@ static int vorbis_close (SF_PRIVATE *psf) { OGG_PRIVATE* odata = psf->container_data ; VORBIS_PRIVATE *vdata = psf->codec_data ; 
@@ -132,7 +146,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c if (odata == NULL || vdata == NULL) return 0 ; -@@ -445,35 +465,14 @@ +@@ -445,35 +465,14 @@ vorbis_close (SF_PRIVATE *psf) if (psf->file.mode == SFM_WRITE) { if (psf->write_current <= 0) @@ -141,7 +155,8 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c - vorbis_analysis_wrote (&vdata->vdsp, 0) ; - while (vorbis_analysis_blockout (&vdata->vdsp, &vdata->vblock) == 1) - { -- ++ ret = vorbis_write_header (psf, 0) ; + - /* analysis, assume we want to use bitrate management */ - vorbis_analysis (&vdata->vblock, NULL) ; - vorbis_bitrate_addblock (&vdata->vblock) ; @@ -159,8 +174,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c - - /* this could be set above, but for illustrative purposes, I do - it here (to show that vorbis does know where the stream ends) */ -+ ret = vorbis_write_header (psf, 0) ; - +- - if (ogg_page_eos (&odata->opage)) odata->eos = 1 ; - } - } @@ -175,7 +189,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c /* ogg_page and ogg_packet structs always point to storage in libvorbis. They are never freed or manipulated directly */ -@@ -483,7 +482,7 @@ +@@ -483,7 +482,7 @@ vorbis_close (SF_PRIVATE *psf) vorbis_comment_clear (&vdata->vcomment) ; vorbis_info_clear (&vdata->vinfo) ; @@ -184,7 +198,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c } /* vorbis_close */ int -@@ -752,34 +751,40 @@ +@@ -752,34 +751,40 @@ vorbis_read_d (SF_PRIVATE *psf, double *ptr, sf_count_t lens) /*============================================================================== */ @@ -237,7 +251,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c /* This could be set above, but for illustrative purposes, I do ** it here (to show that vorbis does know where the stream ends) */ -@@ -787,16 +792,22 @@ +@@ -787,16 +792,22 @@ vorbis_write_samples (SF_PRIVATE *psf, OGG_PRIVATE *odata, VORBIS_PRIVATE *vdata odata->eos = 1 ; } ; } ; 
@@ -261,7 +275,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; int in_frames = lens / psf->sf.channels ; -@@ -805,14 +816,17 @@ +@@ -805,14 +816,17 @@ vorbis_write_s (SF_PRIVATE *psf, const short *ptr, sf_count_t lens) for (m = 0 ; m < psf->sf.channels ; m++) buffer [m][i] = (float) (ptr [j++]) / 32767.0f ; @@ -281,7 +295,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; int in_frames = lens / psf->sf.channels ; -@@ -821,14 +835,17 @@ +@@ -821,14 +835,17 @@ vorbis_write_i (SF_PRIVATE *psf, const int *ptr, sf_count_t lens) for (m = 0 ; m < psf->sf.channels ; m++) buffer [m][i] = (float) (ptr [j++]) / 2147483647.0f ; @@ -301,7 +315,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; int in_frames = lens / psf->sf.channels ; -@@ -837,14 +854,17 @@ +@@ -837,14 +854,17 @@ vorbis_write_f (SF_PRIVATE *psf, const float *ptr, sf_count_t lens) for (m = 0 ; m < psf->sf.channels ; m++) buffer [m][i] = ptr [j++] ; @@ -321,7 +335,7 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c OGG_PRIVATE *odata = (OGG_PRIVATE *) psf->container_data ; VORBIS_PRIVATE *vdata = (VORBIS_PRIVATE *) psf->codec_data ; int in_frames = lens / psf->sf.channels ; -@@ -853,7 +873,10 @@ +@@ -853,7 +873,10 @@ vorbis_write_d (SF_PRIVATE *psf, const double *ptr, sf_count_t lens) for (m = 0 ; m < psf->sf.channels ; m++) buffer [m][i] = (float) ptr [j++] ; @@ -333,3 +347,6 @@ diff -Nur a/src/ogg_vorbis.c b/src/ogg_vorbis.c return lens ; } /* vorbis_write_d */ +-- +2.43.0 + diff --git a/libsndfile.spec b/libsndfile.spec index 959112b..5658e3a 100644 --- a/libsndfile.spec +++ b/libsndfile.spec 
@@ -131,7 +131,7 @@ LD_LIBRARY_PATH=$PWD/src/.libs make check %{_mandir}/man1/sndfile-salvage.1* %changelog -* Tue July 1 2025 chenjianhu - 1.0.28-23 +* Tue Jul 1 2025 chenjianhu - 1.0.28-23 - Type:CVE - CVE:CVE-2024-50612 - DESC:fix CVE-2024-50612 -- Gitee