diff options
author | pav <pav@FreeBSD.org> | 2008-11-13 00:31:27 +0800 |
---|---|---|
committer | pav <pav@FreeBSD.org> | 2008-11-13 00:31:27 +0800 |
commit | 16436a15a23d6ea494413adfc4f6ddeaf9e0fb67 (patch) | |
tree | 68c0fb6da26a2430a1507e08aaa8293312c6f6d7 /audio | |
parent | 7851a491278f5961fa245790fd72ea5415975147 (diff) | |
download | freebsd-ports-gnome-16436a15a23d6ea494413adfc4f6ddeaf9e0fb67.tar.gz freebsd-ports-gnome-16436a15a23d6ea494413adfc4f6ddeaf9e0fb67.tar.zst freebsd-ports-gnome-16436a15a23d6ea494413adfc4f6ddeaf9e0fb67.zip |
- Fix a heap-based buffer overflow in the command-line frontend. It allows
remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted MPEG-4 (MP4) file.
PR: ports/128512
Submitted by: bf <bf2006a@yahoo.com>
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201
Diffstat (limited to 'audio')
-rw-r--r-- | audio/faad/Makefile | 1 | ||||
-rw-r--r-- | audio/faad/files/patch-frontend_main.c | 17 |
2 files changed, 18 insertions, 0 deletions
diff --git a/audio/faad/Makefile b/audio/faad/Makefile index e65528d407e0..71f80a45b67b 100644 --- a/audio/faad/Makefile +++ b/audio/faad/Makefile @@ -7,6 +7,7 @@ PORTNAME= faad2 PORTVERSION= 2.6.1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} diff --git a/audio/faad/files/patch-frontend_main.c b/audio/faad/files/patch-frontend_main.c new file mode 100644 index 000000000000..71dd8693de4e --- /dev/null +++ b/audio/faad/files/patch-frontend_main.c @@ -0,0 +1,17 @@ +--- frontend/main.c.orig 2007-11-01 13:33:30.000000000 -0700 ++++ frontend/main.c 2008-09-16 11:01:40.000000000 -0700 +@@ -911,12 +911,14 @@ + if (sampleId == 0) dur = 0; + + if (useAacLength || (timescale != samplerate)) { + sample_count = frameInfo.samples; + } else { + sample_count = (unsigned int)(dur * frameInfo.channels); ++ if (sample_count > frameInfo.samples) ++ sample_count = frameInfo.samples; + + if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples)) + { + faad_fprintf(stderr, "MP4 seems to have incorrect frame duration, using values from AAC data.\n"); + useAacLength = 1; + sample_count = frameInfo.samples; |