From e5b8c52a018bd8e75ca63f5442d2f7539c2b12ee Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Mon, 11 Jan 2021 11:59:19 +0800
Subject: [PATCH] CVE-2014-9640

---
 CVE-2014-9640.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
 vorbis-tools.spec | 6 +++++-
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2014-9640.patch

diff --git a/CVE-2014-9640.patch b/CVE-2014-9640.patch
new file mode 100644
index 0000000..615b917
--- /dev/null
+++ b/CVE-2014-9640.patch
@@ -0,0 +1,42 @@
+From af4a9502aa73c358f331ecc038e1e11375898a32 Mon Sep 17 00:00:00 2001
+Date: Mon, 11 Jan 2021 11:51:23 +0800
+Subject: [PATCH] fix CVE-2014-9640
+
+diff --git a/oggenc/oggenc.c b/oggenc/oggenc.c
+index 323dedb..4616506 100644
+--- a/oggenc/oggenc.c
++++ b/oggenc/oggenc.c
+@@ -97,6 +97,8 @@ int main(int argc, char **argv)
+ .3,-1,
+ 0,0,0.f,
+ 0, 0, 0, 0, 0};
++ input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
++ N_("RAW file reader")};
+ 
+ int i;
+ 
+@@ -239,8 +241,6 @@ int main(int argc, char **argv)
+ 
+ if(opt.rawmode)
+ {
+- static input_format raw_format = {NULL, 0, raw_open, wav_close, "raw",
+- N_("RAW file reader")};
+ 
+ enc_opts.rate=opt.raw_samplerate;
+ enc_opts.channels=opt.raw_channels;
+diff --git a/oggenc/skeleton.h b/oggenc/skeleton.h
+index cf87dc2..50b070f 100644
+--- a/oggenc/skeleton.h
++++ b/oggenc/skeleton.h
+@@ -41,7 +41,7 @@ typedef struct {
+ ogg_int64_t granule_rate_d; /* granule rate denominator */
+ ogg_int64_t start_granule; /* start granule value */
+ ogg_uint32_t preroll; /* preroll */
+- unsigned char granule_shift; // a 8-bit field /* 1 byte value holding the granule shift */
++ unsigned char granule_shift; /* 1 byte value holding the granule shift */
+ char *message_header_fields; /* holds all the message header fields */
+ /* current total size of the message header fields, for realloc purpose, initially zero */
+ ogg_uint32_t current_header_size;
+-- 
+2.23.0
+ 
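Review bot: The nested patch records neither which upstream vorbis-tools commit it backports nor why moving `raw_format` out of the `if(opt.rawmode)` block to the top of `main` and dropping its `static` storage closes CVE-2014-9640, so the fix cannot be checked against the advisory from this file alone; its header also has a `Date:` and `Subject:` line but no `From:` author line, which `git am` needs. Both points of the move lie inside `main`, whose body extends outside the hunk, so whether every use of `raw_format` still sees the intended object cannot be confirmed here; a variable in `main`'s own frame lives for the whole run, but that reasoning should be stated in the patch rather than inferred by the reader. The `skeleton.h` hunk only rewrites the comment on `granule_shift` and is unrelated to the CVE; keeping it out of a security backport shrinks the diff auditors must read. A description paragraph after the `Subject:` line, e.g. `Backport of upstream commit <UPSTREAM-COMMIT-ID placeholder>: raw_format is moved to function scope in main() because <reason>`, would make the intent verifiable.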
diff --git a/vorbis-tools.spec b/vorbis-tools.spec
index 4f7ec6c..2231b44 100644
--- a/vorbis-tools.spec
+++ b/vorbis-tools.spec
@@ -1,7 +1,7 @@
 Name: vorbis-tools
 Summary: Several Ogg Vorbis Tools
 Version: 1.4.0
-Release: 30
+Release: 31
 Epoch: 1
 License: GPLv2
 URL: http://www.xiph.org/
@@ -14,6 +14,7 @@ Patch3: vorbis-tools-1.4.0-bz1116650.patch
 Patch4: vorbis-tools-1.4.0-bz1185558.patch
 Patch5: vorbis-tools-1.4.0-CVE-2014-9638-CVE-2014-9639.patch
 Patch6: vorbis-tools-1.4.0-CVE-2015-6749.patch
+Patch7: CVE-2014-9640.patch
 
 BuildRequires: flac-devel gettext gcc libao-devel libcurl-devel libvorbis-devel speex-devel
 
@@ -54,5 +55,8 @@ export CFLAGS="$RPM_OPT_FLAGS -Wno-error=format-security"
 %exclude %{_docdir}/%{name}*
 
 %changelog
+* Mon Jan 11 2021 wangyue - 1:1.4.0-31
+- fix CVE-2014-9640
+
 * Tue Nov 19 2019 caomeng - 1:1.4.0-30
 - Package init
-- 
Gitee
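Review bot: `Patch7: CVE-2014-9640.patch` is declared in the second hunk, but nothing in the diff shows it being applied in `%prep`, which lies outside the hunks; if the spec applies patches with explicit `%patchN -p1` lines rather than `%autosetup`, the new patch is listed but never applied and Release 31 would ship without the fix. `%prep` should be checked and, where needed, `%patch7 -p1` added in the same commit as the `Patch7:` line. The file name also breaks the `vorbis-tools-1.4.0-CVE-…` convention used by Patch5 and Patch6; `Patch7: vorbis-tools-1.4.0-CVE-2014-9640.patch` (with the file renamed to match) keeps the patch list uniform.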