
Bug#779083: marked as done (wheezy-pu: package lame/3.99.5+repack1-3)



Your message dated Sat, 05 Sep 2015 14:33:54 +0100
with message-id <1441460034.2151.33.camel@adam-barratt.org.uk>
and subject line Closing bugs for 7.9
has caused the Debian Bug report #779083,
regarding wheezy-pu: package lame/3.99.5+repack1-3
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
779083: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779083
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org@packages.debian.org
Usertags: pu

Hi there,

please grant permission to upload an updated package for lame in
wheezy. The package will contain three patches that have been created
to cope with a couple of crashes that were detected by feeding fuzzed
wav file samples into the library. At least two of them appear to be
security-relevant, to say the least, and the third one fixes a nasty
crash in the frontend.

All three patches have been forwarded upstream by private mail to one
of the upstream developers. Please find a debdiff between the original
and the updated package attached.

Cheers,

Fabian

PS: I have set the distribution to wheezy-p-u. Is this correct or
should I rather set it to stable, or wheezy?


-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
diff -Nru lame-3.99.5+repack1/debian/changelog lame-3.99.5+repack1/debian/changelog
--- lame-3.99.5+repack1/debian/changelog	2012-03-17 18:41:48.000000000 +0100
+++ lame-3.99.5+repack1/debian/changelog	2015-02-24 09:50:06.000000000 +0100
@@ -1,3 +1,18 @@
+lame (3.99.5+repack1-3wheezy1) stable-proposed-updates; urgency=medium
+
+  * Add check for invalid input sample rate, thanks Maks Naumov
+    (Closes: #775959, #777160, #777161). Thanks Jakub Wilk and
+    Brian Carpenter for the bug reports and test cases.
+  * Extend Maks Naumov's patch to also include a sanity check for
+    a valid amount of input channels (Closes: #778703).
+  * Avoid malformed wav causing floating point exception in the
+    frontend (Closes: #777159).
+  * Fix decision if sample rate ratio is an integer value or not
+    (Closes: #778529). Thanks to Henri Salo for the bug reports
+    and the fuzzed samples!
+
+ -- Fabian Greffrath <fabian+debian@greffrath.com>  Tue, 24 Feb 2015 09:46:48 +0100
+
 lame (3.99.5+repack1-3) unstable; urgency=low
 
   * Handle case on setting CFLAGS for systems where dpkg-dev (<< 1.15.7)
diff -Nru lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch
--- lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch	1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/0001-Add-check-for-invalid-input-sample-rate.patch	2015-02-24 09:38:55.000000000 +0100
@@ -0,0 +1,25 @@
+From 1ea4eac3e7d57dbad42fb067a32ac1600a0397a0 Mon Sep 17 00:00:00 2001
+From: Maks Naumov <maksqwe1@ukr.net>
+Date: Thu, 22 Jan 2015 16:20:40 +0200
+Subject: [PATCH] Add check for invalid input sample rate
+
+Signed-off-by: Maks Naumov <maksqwe1@ukr.net>
+---
+ libmp3lame/lame.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/libmp3lame/lame.c
++++ b/libmp3lame/lame.c
+@@ -822,6 +822,12 @@ lame_init_params(lame_global_flags * gfp
+     }
+ #endif
+ 
++    if (gfp->samplerate_in < 0 || gfp->num_channels < 0) {
++        freegfc(gfc);
++        gfp->internal_flags = NULL;
++        return -1;
++    }
++
+     cfg->disable_reservoir = gfp->disable_reservoir;
+     cfg->lowpassfreq = gfp->lowpassfreq;
+     cfg->highpassfreq = gfp->highpassfreq;
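Review bot: the added condition "gfp->samplerate_in < 0 ||
gfp->num_channels < 0" in lame_init_params() rejects only negative
values, so a sample rate of 0, a channel count of 0 and an arbitrarily
large channel count all pass. If the aim is the "valid amount of input
channels" named in the changelog, compare against 1 as the lower bound
and add an upper bound equal to the number of channels the encoder
supports. The patch header also still carries only the original Subject
and author and does not record that the num_channels test was added on
the Debian side; a short Description/Origin note would make that
traceable.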
diff -Nru lame-3.99.5+repack1/debian/patches/bits_per_sample.patch lame-3.99.5+repack1/debian/patches/bits_per_sample.patch
--- lame-3.99.5+repack1/debian/patches/bits_per_sample.patch	1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/bits_per_sample.patch	2015-02-24 09:39:00.000000000 +0100
@@ -0,0 +1,17 @@
+Description: Avoid malformed wav causing floating point exception (integer divide by zero) 
+Author: Fabian Greffrath <fabian+debian@greffrath.com>
+Bug-Debian: https://bugs.debian.org/777159
+
+--- a/frontend/get_audio.c
++++ b/frontend/get_audio.c
+@@ -1448,6 +1448,10 @@ parse_wave_header(lame_global_flags * gf
+         else {
+             (void) lame_set_in_samplerate(gfp, global_reader.input_samplerate);
+         }
++        /* avoid division by zero */
++        if (bits_per_sample < 1)
++            return -1;
++
+         global. pcmbitwidth = bits_per_sample;
+         global. pcm_is_unsigned_8bit = 1;
+         global. pcm_is_ieee_float = (format_tag == WAVE_FORMAT_IEEE_FLOAT ? 1 : 0);
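Review bot: the new "if (bits_per_sample < 1) return -1;" guard in
parse_wave_header() sits after lame_set_in_samplerate() has already been
called on gfp, so a header that is rejected here has still written its
sample rate into the encoder settings. Validating the header fields
before any setter is applied would keep the failure path free of side
effects. The comment "avoid division by zero" should name the expression
it protects, since the division is not in this hunk, and the guard has
no upper bound on the bit width.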
diff -Nru lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch
--- lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch	1970-01-01 01:00:00.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/int_resample_ratio.patch	2015-02-24 09:39:05.000000000 +0100
@@ -0,0 +1,29 @@
+Subject: Fix decision if sample rate ratio is an integer value or not
+ If the sample rate of the input file is sufficiently close to an
+ integer multiple of the output sample rate, the value of the intratio
+ variable is calculated incorrectly. This leads to further values
+ being miscalculated up to the joff variable which is used as an index
+ to dereference the esv->blackfilt array. This leads top an overflow
+ and causes a segmentation fault.
+Author: Fabian Greffrath <fabian+debian@greffrath.com>
+Bug-Debian: https://bugs.debian.org/778529
+
+--- a/libmp3lame/util.c
++++ b/libmp3lame/util.c
+@@ -26,6 +26,7 @@
+ # include <config.h>
+ #endif
+ 
++#include <float.h>
+ #include "lame.h"
+ #include "machine.h"
+ #include "encoder.h"
+@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
+     if (bpc > BPC)
+         bpc = BPC;
+ 
+-    intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
++    intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < FLT_EPSILON);
+     fcn = 1.00 / resample_ratio;
+     if (fcn > 1.00)
+         fcn = 1.00;
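Review bot: the one-line change to the intratio test in
fill_buffer_resample() addresses the miscalculation, but the description
says the crash itself is joff being used as an out-of-range index into
esv->blackfilt, and nothing in this patch checks that index before the
array is dereferenced. A range check (or clamp) on joff at the point of
use would keep any other input that skews the ratio from reading out of
bounds again. Comparing the absolute difference against FLT_EPSILON is
also not scaled to the magnitude of resample_ratio, so it is worth
stating in the description why that constant is the right tolerance;
"leads top an overflow" there should read "leads to an overflow".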
diff -Nru lame-3.99.5+repack1/debian/patches/series lame-3.99.5+repack1/debian/patches/series
--- lame-3.99.5+repack1/debian/patches/series	2012-03-15 22:47:42.000000000 +0100
+++ lame-3.99.5+repack1/debian/patches/series	2015-02-24 09:41:54.000000000 +0100
@@ -1,3 +1,6 @@
 07-field-width-fix.patch
 parallel-builds-fix.patch
 unbreak-ftbfs-gcc4.4.patch
+0001-Add-check-for-invalid-input-sample-rate.patch
+bits_per_sample.patch
+int_resample_ratio.patch

--- End Message ---
--- Begin Message ---
Version: 7.9

Hi,

These bugs relate to updates which were included in the 7.9 point
release.

Regards,

Adam

--- End Message ---
