authorPav Lucistnik <pav@FreeBSD.org>2008-11-12 16:31:27 +0000
committerPav Lucistnik <pav@FreeBSD.org>2008-11-12 16:31:27 +0000
commitebcb4f8797a1bd129402fa3c4ceae4b756fc91a2 (patch)
treec93ff35768d8eba1f06bd53b7ff589b166fae030 /audio
parent50d3a2c1002c333cbf57fa8720be75660a4b2c9f (diff)
- Fix a heap-based buffer overflow in the command-line frontend. The overflow allows
remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. PR: ports/128512 Submitted by: bf <bf2006a@yahoo.com> Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201
Notes
Notes: svn path=/head/; revision=222775
Diffstat (limited to 'audio')
-rw-r--r--audio/faad/Makefile1
-rw-r--r--audio/faad/files/patch-frontend_main.c17
2 files changed, 18 insertions, 0 deletions
diff --git a/audio/faad/Makefile b/audio/faad/Makefile
index e65528d407e0..71f80a45b67b 100644
--- a/audio/faad/Makefile
+++ b/audio/faad/Makefile
@@ -7,6 +7,7 @@
PORTNAME= faad2
PORTVERSION= 2.6.1
+PORTREVISION= 1
PORTEPOCH= 1
CATEGORIES= audio
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
diff --git a/audio/faad/files/patch-frontend_main.c b/audio/faad/files/patch-frontend_main.c
new file mode 100644
index 000000000000..71dd8693de4e
--- /dev/null
+++ b/audio/faad/files/patch-frontend_main.c
@@ -0,0 +1,17 @@
+--- frontend/main.c.orig 2007-11-01 13:33:30.000000000 -0700
++++ frontend/main.c 2008-09-16 11:01:40.000000000 -0700
+@@ -911,12 +911,14 @@
+ if (sampleId == 0) dur = 0;
+
+ if (useAacLength || (timescale != samplerate)) {
+ sample_count = frameInfo.samples;
+ } else {
+ sample_count = (unsigned int)(dur * frameInfo.channels);
++ if (sample_count > frameInfo.samples)
++ sample_count = frameInfo.samples;
+
+ if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+ {
+ faad_fprintf(stderr, "MP4 seems to have incorrect frame duration, using values from AAC data.\n");
+ useAacLength = 1;
+ sample_count = frameInfo.samples;
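Review bot: The added clamp `if (sample_count > frameInfo.samples) sample_count = frameInfo.samples;` runs before the `sample_count != frameInfo.samples` diagnostic, so an MP4 whose duration overstates the frame is now truncated silently: it no longer prints the "incorrect frame duration" warning or sets `useAacLength`. Only understated durations still take that fallback, so a malformed file of the kind described in CVE-2008-4201 leaves no trace on stderr. Consider recording the mismatch before clamping, e.g. `int dur_too_long = (sample_count > frameInfo.samples);`, and OR-ing that flag into the later condition. A comment such as `/* MP4 duration is untrusted: never use more samples than the decoder produced (CVE-2008-4201) */` above the clamp would also help. The enclosing `if` block and the later use of `sample_count` lie outside the hunk, so the effect on subsequent frames is inferred rather than visible here.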