Fix four overflow/invalid memory access issues.

* CVE-2017-8361

  global buffer overflow in flac_buffer_copy

  https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/

* CVE-2017-8362

  invalid memory read in flac_buffer_copy

  https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/

* CVE-2017-8363

  heap-based buffer overflow in flac_buffer_copy

  https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/

* CVE-2017-8365

  global buffer overflow in i2les_array (pcm_c)

  https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/

Upstream commits at:

  https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3

  https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808

--- libsndfile-1.0.28/src/common.h.orig	2017-05-02 09:34:22.327230292 +0000

+++ libsndfile-1.0.28/src/common.h	2017-05-02 09:38:07.414347779 +0000

@@ -725,6 +725,7 @@

 	SFE_FLAC_INIT_DECODER,

 	SFE_FLAC_LOST_SYNC,

 	SFE_FLAC_BAD_SAMPLE_RATE,

+	SFE_FLAC_CHANNEL_COUNT_CHANGED,

 	SFE_FLAC_UNKOWN_ERROR,

 	SFE_WVE_NOT_WVE,

--- libsndfile-1.0.28/src/flac.c.orig	2017-05-02 09:34:40.424371952 +0000

+++ libsndfile-1.0.28/src/flac.c	2017-05-02 09:43:43.952685131 +0000

@@ -169,6 +169,14 @@

 	const int32_t* const *buffer = pflac->wbuffer ;

 	unsigned i = 0, j, offset, channels, len ;

+	if (psf->sf.channels != (int) frame->header.channels)

+	{	psf_log_printf (psf, "Error: FLAC frame changed from %d to %d channels\n"

+					"Nothing to do but to error out.\n" ,

+					psf->sf.channels, frame->header.channels) ;

+		psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;

+		return 0 ;

+		} ;

+

 	/*

 	**	frame->header.blocksize is variable and we're using a constant blocksize

 	**	of FLAC__MAX_BLOCK_SIZE.

@@ -202,7 +210,6 @@

 		return 0 ;

 		} ;

-

 	len = SF_MIN (pflac->len, frame->header.blocksize) ;

 	if (pflac->remain % channels != 0)

@@ -435,6 +442,19 @@

 	switch (metadata->type)

 	{	case FLAC__METADATA_TYPE_STREAMINFO :

+			if (psf->sf.channels > 0 && psf->sf.channels != (int) metadata->data.stream_info.channels)

+			{	psf_log_printf (psf, "Error: FLAC stream changed from %d to %d channels\n"

+							"Nothing to do but to error out.\n" ,

+							psf->sf.channels, metadata->data.stream_info.channels) ;

+				psf->error = SFE_FLAC_CHANNEL_COUNT_CHANGED ;

+				return ;

+				} ;

+

+			if (psf->sf.channels > 0 && psf->sf.samplerate != (int) metadata->data.stream_info.sample_rate)

+			{	psf_log_printf (psf, "Warning: FLAC stream changed sample rates from %d to %d.\n"

+							"Carrying on as if nothing happened.",

+							psf->sf.samplerate, metadata->data.stream_info.sample_rate) ;

+				} ;

 			psf->sf.channels = metadata->data.stream_info.channels ;

 			psf->sf.samplerate = metadata->data.stream_info.sample_rate ;

 			psf->sf.frames = metadata->data.stream_info.total_samples ;

--- libsndfile-1.0.28/src/sndfile.c.orig	2017-05-02 09:35:02.297609256 +0000

+++ libsndfile-1.0.28/src/sndfile.c	2017-05-02 09:41:54.139468824 +0000

@@ -245,6 +245,7 @@

 	{	SFE_FLAC_INIT_DECODER	, "Error : problem with initialization of the flac decoder." },

 	{	SFE_FLAC_LOST_SYNC		, "Error : flac decoder lost sync." },

 	{	SFE_FLAC_BAD_SAMPLE_RATE, "Error : flac does not support this sample rate." },

+	{	SFE_FLAC_CHANNEL_COUNT_CHANGED, "Error : flac channel changed mid stream." },

 	{	SFE_FLAC_UNKOWN_ERROR	, "Error : unknown error in flac decoder." },

 	{	SFE_WVE_NOT_WVE			, "Error : not a WVE file." },