--- /dev/null
+From d9a35ea0d5c64c19dd635ae578e0028df8f66d6a Mon Sep 17 00:00:00 2001
+From: Sisyphus-wang <43361974+Sisyphus-wang@users.noreply.github.com>
+Date: Fri, 11 Jul 2025 15:14:48 +0800
+Subject: [PATCH] Update mpeg_l3_encode.c
+
+fix memoryLeak bug
+
+CVE: CVE-2025-56226
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/d9a35ea0d5c64c19dd635ae578e0028df8f66d6a]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ src/mpeg_l3_encode.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/mpeg_l3_encode.c b/src/mpeg_l3_encode.c
+index 97324f79..04b1d501 100644
+--- a/src/mpeg_l3_encode.c
++++ b/src/mpeg_l3_encode.c
+@@ -87,7 +87,8 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, int info_tag)
+ if (! (pmpeg->lamef = lame_init ()))
+ return SFE_MALLOC_FAILED ;
+
+- pmpeg->compression = -1.0 ; /* Unset */
++ psf->codec_close = mpeg_l3_encoder_close ; /* Set psf->codec_close early*/
++ pmpeg->compression = -1.0 ; /* Unset */
+
+ lame_set_in_samplerate (pmpeg->lamef, psf->sf.samplerate) ;
+ lame_set_num_channels (pmpeg->lamef, psf->sf.channels) ;
+@@ -115,7 +116,6 @@ mpeg_l3_encoder_init (SF_PRIVATE *psf, int info_tag)
+ }
+
+ psf->sf.seekable = 0 ;
+- psf->codec_close = mpeg_l3_encoder_close ;
+ psf->byterate = mpeg_l3_encoder_byterate ;
+ psf->datalength = 0 ;
+
--- /dev/null
+From 68f6c16fe1407eff4cdde158566694c3ed666c2f Mon Sep 17 00:00:00 2001
+From: Sisyphus-wang <43361974+Sisyphus-wang@users.noreply.github.com>
+Date: Fri, 11 Jul 2025 15:26:24 +0800
+Subject: [PATCH] Update sndfile-convert.c
+
+fix memoryLeak in sndfile-conver.c
+
+CVE: CVE-2025-56226
+Upstream-Status: Backport [https://github.com/libsndfile/libsndfile/commit/68f6c16fe1407eff4cdde158566694c3ed666c2f]
+Signed-off-by: Peter Marko <peter.marko@siemens.com>
+---
+ programs/sndfile-convert.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/programs/sndfile-convert.c b/programs/sndfile-convert.c
+index 95f59d3c..a9f0cfac 100644
+--- a/programs/sndfile-convert.c
++++ b/programs/sndfile-convert.c
+@@ -301,6 +301,7 @@ main (int argc, char * argv [])
+
+ if ((sfinfo.format = sfe_file_type_of_ext (outfilename, sfinfo.format)) == 0)
+ { printf ("Error : Not able to determine output file type for %s.\n", outfilename) ;
++ sf_close (infile) ;
+ return 1 ;
+ } ;
+
+@@ -344,6 +345,7 @@ main (int argc, char * argv [])
+ /* Open the output file. */
+ if ((outfile = sf_open (outfilename, SFM_WRITE, &sfinfo)) == NULL)
+ { printf ("Not able to open output file %s : %s\n", outfilename, sf_strerror (NULL)) ;
++ sf_close (infile) ;
+ return 1 ;
+ } ;
+
+@@ -360,6 +362,8 @@ main (int argc, char * argv [])
+ || (infileminor == SF_FORMAT_MPEG_LAYER_III) || (outfileminor == SF_FORMAT_MPEG_LAYER_III))
+ { if (sfe_copy_data_fp (outfile, infile, sfinfo.channels, normalize) != 0)
+ { printf ("Error : Not able to decode input file %s.\n", infilename) ;
++ sf_close (infile) ;
++ sf_close (outfile) ;
+ return 1 ;
+ } ;
+ }
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
