diff --git a/CVE-2015-9101.patch b/CVE-2015-9101.patch
new file mode 100644
index 0000000..ba0064d
--- /dev/null
+++ b/CVE-2015-9101.patch
@@ -0,0 +1,29 @@
+Subject: Fix decision if sample rate ratio is an integer value or not
+ If the sample rate of the input file is sufficiently close to an
+ integer multiple of the output sample rate, the value of the intratio
+ variable is calculated incorrectly. This leads to further values
+ being miscalculated up to the joff variable which is used as an index
+ to dereference the esv->blackfilt array. This leads top an overflow
+ and causes a segmentation fault.
+Author: Fabian Greffrath
+Bug-Debian: https://bugs.debian.org/778529
+
+--- a/libmp3lame/util.c
++++ b/libmp3lame/util.c
+@@ -26,6 +26,7 @@
+ # include
+ #endif
+
++#include
+ #include "lame.h"
+ #include "machine.h"
+ #include "encoder.h"
+@@ -544,7 +545,7 @@ fill_buffer_resample(lame_internal_flags
+ if (bpc > BPC)
+ bpc = BPC;
+
+- intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < .0001);
++ intratio = (fabs(resample_ratio - floor(.5 + resample_ratio)) < FLT_EPSILON);
+ fcn = 1.00 / resample_ratio;
+ if (fcn > 1.00)
+ fcn = 1.00;
diff --git a/PKGBUILD b/PKGBUILD
index 143568c..00b1163 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,7 +5,7 @@
 pkgname=lame
 pkgver=3.99.5
-pkgrel=4
+pkgrel=5
 pkgdesc="A high quality MPEG Audio Layer III (MP3) encoder"
 arch=('i686' 'x86_64')
 url="http://lame.sourceforge.net/"
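Review bot: The array index that overflows is still unguarded after this fix: in the `fill_buffer_resample` hunk of libmp3lame/util.c only the tolerance deciding `intratio` changes (`.0001` to `FLT_EPSILON`), while the patch description names `joff` indexing `esv->blackfilt` as the faulting access. That indexing code is outside the hunk, so this is inferred from the description, but a range check on `joff` immediately before the dereference would keep an out-of-range value from reaching memory even if the floating-point chain goes wrong another way. The new line also deserves a comment such as `/* treat ratio as integer only within FLT_EPSILON; the old .0001 tolerance led to an out-of-range blackfilt index (CVE-2015-9101) */`.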
@@ -13,14 +13,16 @@ depends=('ncurses')
 makedepends=('nasm')
 license=('LGPL')
 source=("http://downloads.sourceforge.net/$pkgname/$pkgname-$pkgver.tar.gz"
- "sse.patch" CVE-2017-15018.patch)
+ "sse.patch" CVE-2015-9101.patch CVE-2017-15018.patch)
 md5sums=('84835b313d4a8b68f5349816d33e07ce'
 'ca77f3259ed398ae1c55073dacdd752f'
+ '4596c5971a96a39b025460d28f24c5fa'
 'f3707ae5dbc6c84018b925ce98ce6158')
 prepare() {
 cd "$srcdir/$pkgname-$pkgver"
 patch -Np1 -i ../sse.patch
+ patch -Np1 -i ../CVE-2015-9101.patch
 patch -Np1 -i ../CVE-2017-15018.patch # https://sourceforge.net/p/lame/bugs/480/
 }
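Review bot: The new `'4596c5971a96a39b025460d28f24c5fa'` entry extends an `md5sums` array, so the security patch and the tarball fetched from the `http://downloads.sourceforge.net/` URL in the same `source` array are pinned only by MD5. MD5 is not collision resistant, and with a plain-HTTP download the checksum is the only integrity control visible here; moving the array to `sha256sums=(...)` with digests regenerated from verified copies of each file would close that gap. The order of the four digests must keep matching the order of `source`, which the added line does.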