File fluidsynth-1.11-CVE-2021-28421.patch of Package fluidsynth

From: Takashi Iwai <tiwai@suse.de>
Patch-mainline: Backport of CVE-2021-28421 fix for fluidsynth-1.11

Backported the upstream commit 005719628aef0bd48dc7b2f860c7e4ca16b81044

Signed-off-by: Takashi Iwai <tiwai@suse.de>

---
 src/sfloader/fluid_defsfont.c |   24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

--- a/src/sfloader/fluid_defsfont.c
+++ b/src/sfloader/fluid_defsfont.c
@@ -2706,7 +2706,7 @@ load_pmod (int size, SFData * sf, FILE *
 static int
 load_pgen (int size, SFData * sf, FILE * fd)
 {
-  fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
+  fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
   SFZone *z;
   SFGen *g;
   SFGenAmount genval;
@@ -2718,7 +2718,7 @@ load_pgen (int size, SFData * sf, FILE *
     {				/* traverse through all presets */
       gzone = FALSE;
       discarded = FALSE;
-      p2 = ((SFPreset *) (p->data))->zone;
+      start_of_zone_list = p2 = ((SFPreset *)(p->data))->zone;
       if (p2)
 	hz = &p2;
       while (p2)
@@ -2828,11 +2828,15 @@ load_pgen (int size, SFData * sf, FILE *
 		    }
 		}
 	      else
-		{		/* previous global zone exists, discard */
+		{
+		  p2 = fluid_list_next (p2); /* advance to next zone before deleting the current list element */
+		  /* previous global zone exists, discard */
 		  FLUID_LOG (FLUID_WARN,
 		    _("Preset \"%s\": Discarding invalid global zone"),
 		    ((SFPreset *) (p->data))->name);
-		  sfont_zone_delete (sf, hz, (SFZone *) (p2->data));
+		  fluid_list_remove (start_of_zone_list, z);
+		  sfont_zone_delete (sf, hz, z);
+		  continue;
 		}
 	    }
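Review bot: The result of `fluid_list_remove (start_of_zone_list, z)` is discarded in the discard branch, so the unlink is only safe while `z` is never the first element of the preset's zone list; otherwise the head kept in the preset's `zone` field would point at a freed node. That seems to hold because this branch runs only after an earlier global zone was accepted, but nothing in the hunk states it, and `z` itself is assigned outside the hunk. `sfont_zone_delete` is then handed `hz`, which the context line `hz = &p2;` shows is the address of the cursor that was just advanced, so whether the helper touches `p2` again depends on its body, which is not part of this diff. I would add a comment above the two calls such as `/* z is not the list head here (a global zone was already accepted), so the head stored in the preset stays valid; z is unlinked first so sfont_zone_delete only frees it */`, after checking the second half against `sfont_zone_delete`. The load_igen hunk at -3178 repeats the same lines and needs the same comment; load_pgen's body starts and ends outside the hunk.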
 
@@ -3057,7 +3061,7 @@ load_imod (int size, SFData * sf, FILE *
 static int
 load_igen (int size, SFData * sf, FILE * fd)
 {
-  fluid_list_t *p, *p2, *p3, *dup, **hz = NULL;
+  fluid_list_t *p, *p2, *p3, *dup, **hz = NULL, *start_of_zone_list;
   SFZone *z;
   SFGen *g;
   SFGenAmount genval;
@@ -3069,7 +3073,7 @@ load_igen (int size, SFData * sf, FILE *
     {				/* traverse through all instruments */
       gzone = FALSE;
       discarded = FALSE;
-      p2 = ((SFInst *) (p->data))->zone;
+      start_of_zone_list = p2 = ((SFInst *)(p->data))->zone;
       if (p2)
 	hz = &p2;
       while (p2)
@@ -3178,11 +3182,15 @@ load_igen (int size, SFData * sf, FILE *
 		    }
 		}
 	      else
-		{		/* previous global zone exists, discard */
+		{
+		  p2 = fluid_list_next (p2); /* advance to next zone before deleting the current list element */
+		  /* previous global zone exists, discard */
 		  FLUID_LOG (FLUID_WARN,
 		    _("Instrument \"%s\": Discarding invalid global zone"),
 		    ((SFInst *) (p->data))->name);
-		  sfont_zone_delete (sf, hz, (SFZone *) (p2->data));
+		  fluid_list_remove (start_of_zone_list, z);
+		  sfont_zone_delete (sf, hz, z);
+		  continue;
 		}
 	    }
 