authorpav <pav@FreeBSD.org>2008-11-13 00:31:27 +0800
committerpav <pav@FreeBSD.org>2008-11-13 00:31:27 +0800
commit16436a15a23d6ea494413adfc4f6ddeaf9e0fb67 (patch)
tree68c0fb6da26a2430a1507e08aaa8293312c6f6d7 /audio
parent7851a491278f5961fa245790fd72ea5415975147 (diff)
- Fix a heap-based buffer overflow in the command-line frontend. It allows
remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. PR: ports/128512 Submitted by: bf <bf2006a@yahoo.com> Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201
Diffstat (limited to 'audio')
-rw-r--r--audio/faad/Makefile1
-rw-r--r--audio/faad/files/patch-frontend_main.c17
2 files changed, 18 insertions, 0 deletions
diff --git a/audio/faad/Makefile b/audio/faad/Makefile
index e65528d407e0..71f80a45b67b 100644
--- a/audio/faad/Makefile
+++ b/audio/faad/Makefile
@@ -7,6 +7,7 @@
PORTNAME= faad2
PORTVERSION= 2.6.1
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= audio
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
diff --git a/audio/faad/files/patch-frontend_main.c b/audio/faad/files/patch-frontend_main.c
new file mode 100644
index 000000000000..71dd8693de4e
--- /dev/null
+++ b/audio/faad/files/patch-frontend_main.c
@@ -0,0 +1,17 @@
+--- frontend/main.c.orig 2007-11-01 13:33:30.000000000 -0700
++++ frontend/main.c 2008-09-16 11:01:40.000000000 -0700
+@@ -911,12 +911,14 @@
+ if (sampleId == 0) dur = 0;
+
+ if (useAacLength || (timescale != samplerate)) {
+ sample_count = frameInfo.samples;
+ } else {
+ sample_count = (unsigned int)(dur * frameInfo.channels);
++ if (sample_count > frameInfo.samples)
++ sample_count = frameInfo.samples;
+
+ if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+ {
+ faad_fprintf(stderr, "MP4 seems to have incorrect frame duration, using values from AAC data.\n");
+ useAacLength = 1;
+ sample_count = frameInfo.samples;
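Review bot: The new clamp runs before the `sample_count != frameInfo.samples` test, so an over-long frame duration is now truncated silently on every frame and no longer prints the "incorrect frame duration" warning or sets `useAacLength`; only too-short durations still take that path. The bound itself looks right for the overflow, since `sample_count` can no longer exceed what the decoder reported in `frameInfo.samples`. To keep the malformed-file signal, the mismatch could be evaluated before clamping, or the clamp moved after the `if` block, whose body continues outside this hunk. A comment on the clamp would also help, e.g. `/* dur appears to come from the MP4 container: never output more samples than the decoder produced */`.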