Fix CVE-2017-8362:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8362

Patch copied from upstream source repository:

https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808

From ef1dbb2df1c0e741486646de40bd638a9c4cd808 Mon Sep 17 00:00:00 2001
From: Erik de Castro Lopo <erikd@mega-nerd.com>
Date: Fri, 14 Apr 2017 15:19:16 +1000
Subject: [PATCH] src/flac.c: Fix a buffer read overflow

A file (generated by a fuzzer) which increased the number of channels
from one frame to the next could cause a read beyond the end of the
buffer provided by libFLAC. Only option is to abort the read.

Closes: https://github.com/erikd/libsndfile/issues/231
---
 src/flac.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/flac.c b/src/flac.c
index 5a4f8c21..e4f9aaa0 100644
--- a/src/flac.c
+++ b/src/flac.c
@@ -169,6 +169,14 @@ flac_buffer_copy (SF_PRIVATE *psf)
 	const int32_t* const *buffer = pflac->wbuffer ;
 	unsigned i = 0, j, offset, channels, len ;
 
+	if (psf->sf.channels != (int) frame->header.channels)
+	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"
+									"Nothing to do but to error out.\n" ,
+									psf->sf.channels, frame->header.channels) ;
+		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
+		return 0 ;
+		} ;
+
 	/*
 	**	frame->header.blocksize is variable and we're using a constant blocksize
 	**	of FLAC__MAX_BLOCK_SIZE.
@@ -202,7 +210,6 @@ flac_buffer_copy (SF_PRIVATE *psf)
 		return 0 ;
 		} ;
 
-
 	len = SF_MIN (pflac->len, frame->header.blocksize) ;
 
 	if (pflac->remain % channels != 0)
@@ -436,7 +443,7 @@ sf_flac_meta_callback (const FLAC__StreamDecoder * UNUSED (decoder), const FLAC_
 	{	case FLAC__METADATA_TYPE_STREAMINFO :
 			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)
 			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"
-									"Nothing to be but to error out.\n" ,
+									"Nothing to do but to error out.\n" ,
 									psf->sf.channels, metadata->data.stream_info.channels) ;
 				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;
 				return ;
-- 
2.12.2

d=203344cc37c8a7df1ec1454381b5069d53ce7f9e'>system</a>/<a href='/guix/log/gnu/system/vm.scm?id=203344cc37c8a7df1ec1454381b5069d53ce7f9e'>vm.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/system/vm.scm?id=203344cc37c8a7df1ec1454381b5069d53ce7f9e&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2024-02-10 23:21:07 +0100'>2024-02-10</span></td><td><a href='/guix/commit/gnu/system/vm.scm?id=9edbb2d7a40c9da7583a1046e39b87633459f656'>services: Add ‘virtual-build-machine’ service.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/services/virtualization.scm (&lt;virtual-build-machine&gt;): New record type.
(%build-vm-ssh-port, %build-vm-secrets-port, %x86-64-intel-cpu-models):
New variables.
(qemu-cpu-model-for-date, virtual-build-machine-ssh-port)
(virtual-build-machine-secrets-port): New procedures.
(%minimal-vm-syslog-config, %virtual-build-machine-operating-system):
New variables.
(virtual-build-machine-default-image):
(virtual-build-machine-account-name)
(virtual-build-machine-accounts)
(build-vm-shepherd-services)
(initialize-build-vm-substitutes)
(build-vm-activation)
(virtual-build-machine-offloading-ssh-key)
(virtual-build-machine-activation)
(virtual-build-machine-secret-root)
(check-vm-availability)
(build-vm-guix-extension): New procedures.
(initialize-hurd-vm-substitutes): Remove.
(hurd-vm-activation): Rewrite in terms of ‘build-vm-activation’.
* gnu/system/vm.scm (linux-image-startup-command): New procedure.
(operating-system-for-image): Export.
* gnu/tests/virtualization.scm (run-command-over-ssh): New procedure,
extracted from…
(run-childhurd-test): … here.
[test]: Adjust accordingly.
(%build-vm-os): New variable.
(run-build-vm-test): New procedure.
(%test-build-vm): New variable.
* doc/guix.texi (Virtualization Services)[Virtual Build Machines]: New
section.
(Build Environment Setup): Add cross-reference.

Change-Id: I0a47652a583062314020325aedb654f11cb2499c
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2024-02-10 22:59:52 +0100'>2024-02-10</span></td><td><a href='/guix/commit/gnu/system/vm.scm?id=b0a5c0742f7e5cf0df4c0f20dbbb720df1311a70'>vm: Add ‘cpu-count’ field to &lt;virtual-machine&gt;.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system/vm.scm (&lt;virtual-machine&gt;)[cpu-count]: New field.
(virtual-machine-compiler): Honor it.

Change-Id: I907a89365f32ac7a9981c4ae5f59cf6eb199c3cc
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2024-02-10 22:59:49 +0100'>2024-02-10</span></td><td><a href='/guix/commit/gnu/system/vm.scm?id=7a4f585ae1875b1bee29e1f106c7af5ca0cd057d'>vm: Export &lt;virtual-machine&gt; accessors.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system/vm.scm: Export.

Change-Id: If65d96f4052d070af5baee26f3dd9b233b8480f4
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2024-02-10 22:59:46 +0100'>2024-02-10</span></td><td><a href='/guix/commit/gnu/system/vm.scm?id=f7447b1a32c5dc79d34a6bc9e66cca03ecb5cf56'>vm: Add ‘date’ field to &lt;virtual-machine&gt;.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/system/vm.scm (&lt;virtual-machine&gt;)[date]: New field.
(virtual-machine-compiler): Honor it.

Change-Id: Idab1c152466d57cbc6784c031a99fdfd37080bcb
</span></span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2023-10-29 02:00:00 +0200'>2023-10-29</span></td><td><a href='/guix/commit/gnu/system/vm.scm?id=2059b9fbe0712e070b6e438b91484c170bf599ff'>system: vm: Include the cirrus driver in the initrd.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is Ludo's suggestion at &lt;https://issues.guix.gnu.org/36069#26&gt;,
with an added guard against duplicates and a tweaked comment.

* gnu/system/vm.scm (virtualized-operating-system): Add "cirrus" to the
list of INITRD-MODULES.

Co-authored-by: Ludovic Courtès &lt;ludo@gnu.org&gt;
Change-Id: I1a86286586eee0b8c39706544778c7911a86da33
</span></span></td><td>Tobias Geerinckx-Rice</td></tr>
<tr><td><span title='2023-10-01 22:58:18 +0200'>2023-10-01</span></td><td><a href='/guix/commit/gnu/system/vm.scm?id=f5c3f8e59e266f9fef629fb6a86a133fbc92a537'>system: vm: Remove unused variable.</a><span class='msg-avail'>...<span class='msg-tooltip'>This is a followup to 05a9d1f378e2e13e8f759be926ea368358afc27c, which
removed its sole user.

* gnu/system/vm.scm (%linux-vm-file-systems): Remove.
(mapping-&gt;file-system): Add comment about “cache=loose”.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2024-02-10	services: Add ‘virtual-build-machine’ service....* gnu/services/virtualization.scm (<virtual-build-machine>): New record type. (%build-vm-ssh-port, %build-vm-secrets-port, %x86-64-intel-cpu-models): New variables. (qemu-cpu-model-for-date, virtual-build-machine-ssh-port) (virtual-build-machine-secrets-port): New procedures. (%minimal-vm-syslog-config, %virtual-build-machine-operating-system): New variables. (virtual-build-machine-default-image): (virtual-build-machine-account-name) (virtual-build-machine-accounts) (build-vm-shepherd-services) (initialize-build-vm-substitutes) (build-vm-activation) (virtual-build-machine-offloading-ssh-key) (virtual-build-machine-activation) (virtual-build-machine-secret-root) (check-vm-availability) (build-vm-guix-extension): New procedures. (initialize-hurd-vm-substitutes): Remove. (hurd-vm-activation): Rewrite in terms of ‘build-vm-activation’. * gnu/system/vm.scm (linux-image-startup-command): New procedure. (operating-system-for-image): Export. * gnu/tests/virtualization.scm (run-command-over-ssh): New procedure, extracted from… (run-childhurd-test): … here. [test]: Adjust accordingly. (%build-vm-os): New variable. (run-build-vm-test): New procedure. (%test-build-vm): New variable. * doc/guix.texi (Virtualization Services)[Virtual Build Machines]: New section. (Build Environment Setup): Add cross-reference. Change-Id: I0a47652a583062314020325aedb654f11cb2499c	Ludovic Courtès
2024-02-10	vm: Add ‘cpu-count’ field to <virtual-machine>....* gnu/system/vm.scm (<virtual-machine>)[cpu-count]: New field. (virtual-machine-compiler): Honor it. Change-Id: I907a89365f32ac7a9981c4ae5f59cf6eb199c3cc	Ludovic Courtès
2024-02-10	vm: Export <virtual-machine> accessors....* gnu/system/vm.scm: Export. Change-Id: If65d96f4052d070af5baee26f3dd9b233b8480f4	Ludovic Courtès
2024-02-10	vm: Add ‘date’ field to <virtual-machine>....* gnu/system/vm.scm (<virtual-machine>)[date]: New field. (virtual-machine-compiler): Honor it. Change-Id: Idab1c152466d57cbc6784c031a99fdfd37080bcb	Ludovic Courtès
2023-10-29	system: vm: Include the cirrus driver in the initrd....This is Ludo's suggestion at <https://issues.guix.gnu.org/36069#26>, with an added guard against duplicates and a tweaked comment. * gnu/system/vm.scm (virtualized-operating-system): Add "cirrus" to the list of INITRD-MODULES. Co-authored-by: Ludovic Courtès <ludo@gnu.org> Change-Id: I1a86286586eee0b8c39706544778c7911a86da33	Tobias Geerinckx-Rice
2023-10-01	system: vm: Remove unused variable....This is a followup to 05a9d1f378e2e13e8f759be926ea368358afc27c, which removed its sole user. * gnu/system/vm.scm (%linux-vm-file-systems): Remove. (mapping->file-system): Add comment about “cache=loose”.	Ludovic Courtès