poky/meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2022-33065-10.patch

From cd44bfaf3708e778c8670cb7f707a597c3334376 Mon Sep 17 00:00:00 2001
From: Alex Stewart <alex.stewart@ni.com>
Date: Tue, 17 Oct 2023 11:50:53 -0400
Subject: [PATCH 14/17] nms_adpcm: fix int overflow in sf.frames calc

When calculating sf.frames from the blocks_total PNMS variable, it is
theoretically possible to overflow the blocks_total int boundaries,
leading to undefined behavior.

Cast blocks_total to a long-sized sf_count_t before the calculation, to
provide it with enough numeric space and because that is the final
typing regardless.

CVE: CVE-2022-33065
Fixes: https://github.com/libsndfile/libsndfile/issues/833

Signed-off-by: Alex Stewart <alex.stewart@ni.com>

Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsndfile/tree/debian/patches/CVE-2022-33065/CVE-2022-33065-10.patch?h=ubuntu/jammy-security
Upstream commit https://github.com/libsndfile/libsndfile/commit/cd44bfaf3708e778c8670cb7f707a597c3334376]
CVE: CVE-2022-33065
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 src/nms_adpcm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nms_adpcm.c b/src/nms_adpcm.c
index dca85f0b0..61d171c73 100644
--- a/src/nms_adpcm.c
+++ b/src/nms_adpcm.c
@@ -1090,7 +1090,7 @@ nms_adpcm_init (SF_PRIVATE *psf)
 	else
 		pnms->blocks_total = psf->datalength / (pnms->shortsperblock * sizeof (short)) ;
 
-	psf->sf.frames		= pnms->blocks_total * NMS_SAMPLES_PER_BLOCK ;
+	psf->sf.frames		= (sf_count_t) pnms->blocks_total * NMS_SAMPLES_PER_BLOCK ;
 	psf->codec_close	= nms_adpcm_close ;
 	psf->seek			= nms_adpcm_seek ;