main/libsndfile: update CVE-2018-19758 fix from upstream

The CVE-2018-19758.patch is now a merge of relevant bits from two upstream commits:
42132c543358cee9f7c3e9e9b15bb6c1063a608e
6d7ce94c020cc720a6b28719d1a7879181790008

Fixes #10108

2 files changed, 17 insertions, 1 deletions

diff --git a/main/libsndfile/APKBUILD b/main/libsndfile/APKBUILD
index d8b9f06781..6cc76e7dd2 100644
--- a/main/libsndfile/APKBUILD
+++ b/main/libsndfile/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Natanael Copa <ncopa@alpinelinux.org>
 pkgname=libsndfile
 pkgver=1.0.28
-pkgrel=5
+pkgrel=6
 pkgdesc="A C library for reading and writing files containing sampled sound"
 url="http://www.mega-nerd.com/libsndfile"
 arch="all"
@@ -22,6 +22,9 @@ source="http://www.mega-nerd.com/$pkgname/files/$pkgname-$pkgver.tar.gz
 [ "$CARCH" = "armhf" ] && options="!check"
 
 # secfixes:
+#   1.0.28-r6:
+#     - CVE-2018-19758
+#     - CVE-2019-3832
 #   1.0.28-r5:
 #     - CVE-2017-17456
 #     - CVE-2017-17457
diff --git a/main/libsndfile/CVE-2018-19758.patch b/main/libsndfile/CVE-2018-19758.patch
new file mode 100644
index 0000000000..7b4e9477bb
--- /dev/null
+++ b/main/libsndfile/CVE-2018-19758.patch
@@ -0,0 +1,13 @@
+--- a/src/wav.c.orig
++++ b/src/wav.c
+@@ -1094,6 +1094,10 @@
+ 		psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ 		psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
+ 
++		/* Make sure we don't read past the loops array end. */
++		if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++			psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
+ 		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
+ 		{	int type ;
+