main/libsndfile: update CVE-2018-19758 fix from upstream

The CVE-2018-19758.patch is now a merge of relevant bits from two upstream commits:
42132c543358cee9f7c3e9e9b15bb6c1063a608e
6d7ce94c020cc720a6b28719d1a7879181790008

1 files changed, 8 insertions, 18 deletions

diff --git a/main/libsndfile/CVE-2018-19758.patch b/main/libsndfile/CVE-2018-19758.patch
index ead28f6fd2..7b4e9477bb 100644
--- a/main/libsndfile/CVE-2018-19758.patch
+++ b/main/libsndfile/CVE-2018-19758.patch
@@ -1,23 +1,13 @@
-commit 42132c543358cee9f7c3e9e9b15bb6c1063a608e
-Author: Erik de Castro Lopo <erikd@mega-nerd.com>
-Date:   Tue Jan 1 20:11:46 2019 +1100
-
-    src/wav.c: Fix heap read overflow
-    
-    This is CVE-2018-19758.
-    
-    Closes: https://github.com/erikd/libsndfile/issues/435
-
-diff --git a/src/wav.c b/src/wav.c
-index 9d71aadb..5c825f2a 100644
---- a/src/wav.c
+--- a/src/wav.c.orig
 +++ b/src/wav.c
-@@ -1146,6 +1146,8 @@ wav_write_header (SF_PRIVATE *psf, int calc_length)
- 		psf_binheader_writef (psf, "44", BHW4 (0), BHW4 (0)) ; /* SMTPE format */
- 		psf_binheader_writef (psf, "44", BHW4 (psf->instrument->loop_count), BHW4 (0)) ;
+@@ -1094,6 +1094,10 @@
+ 		psf_binheader_writef (psf, "44", 0, 0) ; /* SMTPE format */
+ 		psf_binheader_writef (psf, "44", psf->instrument->loop_count, 0) ;
  
-+		/* Loop count is signed 16 bit number so we limit it range to something sensible. */
-+		psf->instrument->loop_count &= 0x7fff ;
++		/* Make sure we don't read past the loops array end. */
++		if (psf->instrument->loop_count > ARRAY_LEN (psf->instrument->loops))
++			psf->instrument->loop_count = ARRAY_LEN (psf->instrument->loops) ;
++
  		for (tmp = 0 ; tmp < psf->instrument->loop_count ; tmp++)
  		{	int type ;