Fix CVE-2017-8362:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362

Patch copied from upstream source repository:

https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808

From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH] src/flac.c: Fix a buffer read overflow

A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.

Closes: https://github.com/erikd/libsndfile/issues/231
---
 src/flac.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/flac.c b/src/flac.c
index 5a4f8c21..e4f9aaa0 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
 	const int32_t* const *buffer = pflac->wbuffer ;
 	unsigned i = 0, j, offset, channels, len ;
 
+	if (psf->sf.channels != (int) frame->header.channels)
+	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+									"Nothing to do but to error out.\n" ,
+									psf->sf.channels, frame->header.channels) ;
+		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+		return 0 ;
+		} ;
+
 	/*
 	**	frame->header.blocksize is variable and we're using a constant blocksize
 	**	of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
 		return 0 ;
 		} ;
 
-
 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
 
 	if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
 	{	case FLAC__METADATA_TYPE_STREAMINFO :
 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-									"Nothing to be but to error out.\n" ,
+									"Nothing to do but to error out.\n" ,
 									psf->sf.channels, metadata->data.stream_info.channels) ;
 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
 				return ;
-- 
2.12.2

c85d51f082681a9f4fa911867afba'>opam.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/opam.scm?id=7893b32ef6ec85d51f082681a9f4fa911867afba&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-04-15 22:36:42 +0200'>2024-04-15</span></td><td><a href='/guix/commit/tests/opam.scm?id=54be7795b5cc2f6cad05f8649121372c9d5af806'>utils: Don’t re-export ‘call-with-temporary-output-file’.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-05-31 23:50:06 +0200'>2023-05-31</span></td><td><a href='/guix/commit/tests/opam.scm?id=654fcf9971bb01389d577be07c6ec0f68940c743'>tests: Use quasiquoted 'match' patterns for package sexps.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-11-18 22:56:10 +0100'>2021-11-18</span></td><td><a href='/guix/commit/tests/opam.scm?id=bcff9d6388dc1cad38fbfb3983f97f52d0533301'>tests: Adjust opam and pypi tests to simplified inputs.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-10-12 17:46:23 +0000'>2021-10-12</span></td><td><a href='/guix/commit/tests/opam.scm?id=a1eca979fb8da842e73c42f4f53be29b169810f2'>Merge remote-tracking branch 'origin/master' into core-updates-frozen.</a></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2021-09-18 19:37:44 +0200'>2021-09-18</span></td><td><a href='/guix/commit/tests/opam.scm?id=358ad74f41a59b177c9961abf49753a7ce3f41a0'>tests: Allow opam test to run without networking.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-09-07 14:19:08 +0200'>2021-09-07</span></td><td><a href='/guix/commit/tests/opam.scm?id=d9dfbf886ddbb92dfdaa118bb9765e78aad5c53a'>Merge branch 'master' into core-updates-frozen</a></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-08-21 00:05:21 +0200'>2021-08-21</span></td><td><a href='/guix/commit/tests/opam.scm?id=fc29c80b9635ff490bcc768c774442043cb1e231'>guix: opam: More flexibility in the importer.</a><span class='msg-avail'>...</span></td><td>Alice BRENON</td></tr>
<tr><td><span title='2021-07-20 23:43:29 +0200'>2021-07-20</span></td><td><a href='/guix/commit/tests/opam.scm?id=3d5a36c45755d8ca2b5978eb3769cba4809a68f1'>import: opam: Emit new-style package inputs.</a><span class='msg-avail'>...</span></td><td>Sarah Morgensen</td></tr>
<tr><td><span title='2021-05-28 11:36:03 +0200'>2021-05-28</span></td><td><a href='/guix/commit/tests/opam.scm?id=3f5bc6cbb34e1b57829ce3bf482310c49f03d3c3'>import: opam: Generate license for package.</a><span class='msg-avail'>...</span></td><td>Xinglu Chen</td></tr>
<tr><td><span title='2020-12-08 22:58:37 +0100'>2020-12-08</span></td><td><a href='/guix/commit/tests/opam.scm?id=799f066768bacb321ebad84c75b2bbfd269e7cd8'>import: opam: Adjust test to latest 'opam-&gt;guix-package' changes.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-12-08 16:40:30 +0100'>2020-12-08</span></td><td><a href='/guix/commit/tests/opam.scm?id=15ee1b8317adeb74938f3bb7f0c7cb635a818292'>guix: opam: Pass default repository to recursive importer.</a><span class='msg-avail'>...</span></td><td>Julien Lepiller</td></tr>
<tr><td><span title='2020-10-02 00:44:14 +0200'>2020-10-02</span></td><td><a href='/guix/commit/tests/opam.scm?id=23dc21f05b54ef63daaea9eb301cfddbc4c82ddb'>tests: opam: Test additional syntax.</a><span class='msg-avail'>...</span></td><td>Julien Lepiller</td></tr>
<tr><td><span title='2020-10-02 00:30:23 +0200'>2020-10-02</span></td><td><a href='/guix/commit/tests/opam.scm?id=ad05537e32173403d034a0d552092f566abd05a5'>tests: opam: Factorize tests.</a><span class='msg-avail'>...</span></td><td>Julien Lepiller</td></tr>
<tr><td><span title='2020-01-17 14:22:07 +0100'>2020-01-17</span></td><td><a href='/guix/commit/tests/opam.scm?id=282f91790a5bbd0d9b3223c4bfd45b66e418c200'>import: opam: Avoid uses of '@@' in tests.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2024-04-15	utils: Don’t re-export ‘call-with-temporary-output-file’....	Ludovic Courtès
2023-05-31	tests: Use quasiquoted 'match' patterns for package sexps....	Ludovic Courtès
2021-11-18	tests: Adjust opam and pypi tests to simplified inputs....	Ludovic Courtès
2021-10-12	Merge remote-tracking branch 'origin/master' into core-updates-frozen.	Mathieu Othacehe
2021-09-18	tests: Allow opam test to run without networking....	Ludovic Courtès
2021-09-07	Merge branch 'master' into core-updates-frozen	Ludovic Courtès
2021-08-21	guix: opam: More flexibility in the importer....	Alice BRENON
2021-07-20	import: opam: Emit new-style package inputs....	Sarah Morgensen
2021-05-28	import: opam: Generate license for package....	Xinglu Chen
2020-12-08	import: opam: Adjust test to latest 'opam->guix-package' changes....	Ludovic Courtès
2020-12-08	guix: opam: Pass default repository to recursive importer....	Julien Lepiller
2020-10-02	tests: opam: Test additional syntax....	Julien Lepiller
2020-10-02	tests: opam: Factorize tests....	Julien Lepiller
2020-01-17	import: opam: Avoid uses of '@@' in tests....	Ludovic Courtès