Fix CVE-2017-8362:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362

Patch copied from upstream source repository:

https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808

From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH] src/flac.c: Fix a buffer read overflow

A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.

Closes: https://github.com/erikd/libsndfile/issues/231
---
 src/flac.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/flac.c b/src/flac.c
index 5a4f8c21..e4f9aaa0 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
 	const int32_t* const *buffer = pflac->wbuffer ;
 	unsigned i = 0, j, offset, channels, len ;
 
+	if (psf->sf.channels != (int) frame->header.channels)
+	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+									"Nothing to do but to error out.\n" ,
+									psf->sf.channels, frame->header.channels) ;
+		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+		return 0 ;
+		} ;
+
 	/*
 	**	frame->header.blocksize is variable and we're using a constant blocksize
 	**	of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
 		return 0 ;
 		} ;
 
-
 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
 
 	if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
 	{	case FLAC__METADATA_TYPE_STREAMINFO :
 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-									"Nothing to be but to error out.\n" ,
+									"Nothing to do but to error out.\n" ,
 									psf->sf.channels, metadata->data.stream_info.channels) ;
 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
 				return ;
-- 
2.12.2

ref='/guix/log/?id=3689faac5c10249f052c979b527cba26054170d8&amp;showmsg=1'>root</a>/<a href='/guix/log/gnu?id=3689faac5c10249f052c979b527cba26054170d8&amp;showmsg=1'>gnu</a>/<a href='/guix/log/gnu/packages?id=3689faac5c10249f052c979b527cba26054170d8&amp;showmsg=1'>packages</a>/<a href='/guix/log/gnu/packages/telephony.scm?id=3689faac5c10249f052c979b527cba26054170d8&amp;showmsg=1'>telephony.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/telephony.scm?id=3689faac5c10249f052c979b527cba26054170d8'>Collapse</a>)</th><th class='left'>Author</th></tr>
<tr class='logheader'><td><span title='2024-05-29 21:15:39 -0400'>2024-05-29</span></td><td class='logsubject'><a href='/guix/commit/gnu/packages/telephony.scm?id=d368c802840e1dd880975962ee0bd0ec560b6a95'>gnu: pjproject-jami: Update to 2.13.1-2.797f1a3.</a></td><td>Maxim Cournoyer</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/packages/telephony.scm (pjproject-jami): Update to 2.13.1-2.797f1a3.

Change-Id: I7a037ee040f5c8ae9b038eada4a33e89559b5332


</td></tr>
<tr class='logheader'><td><span title='2024-04-03 18:05:11 -0400'>2024-04-03</span></td><td class='logsubject'><a href='/guix/commit/gnu/packages/telephony.scm?id=e5aebf8a599213b719ab633fc177c333f257bb47'>gnu: pjproject-jami: Update to 2.13.1-1.e12ea3b.</a></td><td>Maxim Cournoyer</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/packages/telephony.scm (pjproject-jami): Update to 2.13.1-1.e12ea3b.

Change-Id: Idd6c60a4795e7b2661963358568005162705679f


</td></tr>
<tr class='logheader'><td><span title='2024-01-14 17:23:44 +0100'>2024-01-14</span></td><td class='logsubject'><a href='/guix/commit/gnu/packages/telephony.scm?id=1682264fdafbfa15925cce3d0d11cbca26696e6d'>Merge branch 'master' into gnome-team</a></td><td>Liliana Marie Prikler</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
</td></tr>
<tr class='logheader'><td><span title='2024-01-09 22:10:12 -0500'>2024-01-09</span></td><td class='logsubject'><a href='/guix/commit/gnu/packages/telephony.scm?id=202b16e31abc2f3d283e4d04268a9df004724387'>gnu: pjproject-jami: Update and relocate.</a></td><td>Maxim Cournoyer</td></tr>
<tr class='nohover-highlight'><td/><td colspan='3' class='logmsg'>
* gnu/packages/jami.scm (pjproject-jami): Move to...
* gnu/packages/telephony.scm (pjproject-jami): ... here.  Update to latest
commit.
[arguments]: Use same configure flags as done in Jami/DhtNet projects.

Change-Id: I638364ebc94f17762ee072311b5fe439b7c6f837


</td></tr>

Age	Commit message (Collapse)	Author
2024-05-29	gnu: pjproject-jami: Update to 2.13.1-2.797f1a3.	Maxim Cournoyer
	* gnu/packages/telephony.scm (pjproject-jami): Update to 2.13.1-2.797f1a3. Change-Id: I7a037ee040f5c8ae9b038eada4a33e89559b5332
2024-04-03	gnu: pjproject-jami: Update to 2.13.1-1.e12ea3b.	Maxim Cournoyer
	* gnu/packages/telephony.scm (pjproject-jami): Update to 2.13.1-1.e12ea3b. Change-Id: Idd6c60a4795e7b2661963358568005162705679f
2024-01-14	Merge branch 'master' into gnome-team	Liliana Marie Prikler

2024-01-09	gnu: pjproject-jami: Update and relocate.	Maxim Cournoyer
	* gnu/packages/jami.scm (pjproject-jami): Move to... * gnu/packages/telephony.scm (pjproject-jami): ... here. Update to latest commit. [arguments]: Use same configure flags as done in Jami/DhtNet projects. Change-Id: I638364ebc94f17762ee072311b5fe439b7c6f837