File fluidsynth-1.11-CVE-2021-28421.patch of Package fluidsynth
From: Takashi Iwai <tiwai@suse.de>
Patch-mainline: Backport of CVE-2021-28421 fix for fluidsynth-1.11
Backported the upstream commit 005719628aef0bd48dc7b2f860c7e4ca16b81044
Signed-off-by: Takashi Iwai <tiwai@suse.de>
---
src/sfloader/fluid_defsfont.c | 24 ++++++++++++++++--------
1 file changed, 16 insertions(+), 8 deletions(-)
--- a/src/sfloader/fluid_defsfont.c
+++ b/src/sfloader/fluid_defsfont.c
@@ -2706,7 +2706,7 @@ load_pmod (int size, SFData * sf, FILE *
static int
load_pgen (int size, SFData * sf, FILE * fd)
{
- fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
+ fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
SFZone *z;
SFGen *g;
SFGenAmount genval;
@@ -2718,7 +2718,7 @@ load_pgen (int size, SFData * sf, FILE *
{ /* traverse through all presets */
gzone = FALSE;
discarded = FALSE;
- p2 = ((SFPreset *) (p->data))->zone;
+ start_of_zone_list = p2 = ((SFPreset *)(p->data))->zone;
if (p2)
hz = &p2;
while (p2)
@@ -2828,11 +2828,15 @@ load_pgen (int size, SFData * sf, FILE *
}
}
else
- { /* previous global zone exists, discard */
+ {
+ p2 = fluid_list_next (p2); /* advance to next zone before deleting the current list element */
+ /* previous global zone exists, discard */
FLUID_LOG (FLUID_WARN,
_("Preset \"%s\": Discarding invalid global zone"),
((SFPreset *) (p->data))->name);
- sfont_zone_delete (sf, hz, (SFZone *) (p2->data));
+ fluid_list_remove (start_of_zone_list, z);
+ sfont_zone_delete (sf, hz, z);
+ continue;
}
}
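Review bot: The return value of `fluid_list_remove (start_of_zone_list, z);` is dropped, so the preset's stored list head stays valid only if `z` is never the first node of that list. That appears to hold, since this branch is taken only when an earlier global zone exists, but nothing states it; a comment such as `/* z is never the list head here (a global zone precedes it), so the head pointer is unchanged */` would stop a later edit from reintroducing a dangling pointer. Separately, `hz` is `&p2` (set at the top of the zone loop), so `sfont_zone_delete (sf, hz, z)` now receives the already-advanced cursor; if that helper also unlinks `z` from `*hz` (its body is not in this patch), the code relies on that second removal finding nothing and leaving `p2` untouched, which deserves a comment as well. The same points apply to the matching hunk in load_igen, and both loop bodies, including the assignment of `z`, lie outside these hunks.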
@@ -3057,7 +3061,7 @@ load_imod (int size, SFData * sf, FILE *
static int
load_igen (int size, SFData * sf, FILE * fd)
{
- fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
+ fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
SFZone *z;
SFGen *g;
SFGenAmount genval;
@@ -3069,7 +3073,7 @@ load_igen (int size, SFData * sf, FILE *
{ /* traverse through all instruments */
gzone = FALSE;
discarded = FALSE;
- p2 = ((SFInst *) (p->data))->zone;
+ start_of_zone_list = p2 = ((SFInst *)(p->data))->zone;
if (p2)
hz = &p2;
while (p2)
@@ -3178,11 +3182,15 @@ load_igen (int size, SFData * sf, FILE *
}
}
else
- { /* previous global zone exists, discard */
+ {
+ p2 = fluid_list_next (p2); /* advance to next zone before deleting the current list element */
+ /* previous global zone exists, discard */
FLUID_LOG (FLUID_WARN,
_("Instrument \"%s\": Discarding invalid global zone"),
((SFInst *) (p->data))->name);
- sfont_zone_delete (sf, hz, (SFZone *) (p2->data));
+ fluid_list_remove (start_of_zone_list, z);
+ sfont_zone_delete (sf, hz, z);
+ continue;
}
}