diff options
author | Pav Lucistnik <pav@FreeBSD.org> | 2008-11-12 16:31:27 +0000 |
---|---|---|
committer | Pav Lucistnik <pav@FreeBSD.org> | 2008-11-12 16:31:27 +0000 |
commit | ebcb4f8797a1bd129402fa3c4ceae4b756fc91a2 (patch) | |
tree | c93ff35768d8eba1f06bd53b7ff589b166fae030 /audio | |
parent | 50d3a2c1002c333cbf57fa8720be75660a4b2c9f (diff) | |
download | ports-ebcb4f8797a1bd129402fa3c4ceae4b756fc91a2.tar.gz ports-ebcb4f8797a1bd129402fa3c4ceae4b756fc91a2.zip |
- Fix a heap-based buffer overflow in the command-line frontend. It allows
remote attackers to cause a denial of service (crash) and possibly execute
arbitrary code via a crafted MPEG-4 (MP4) file.
PR: ports/128512
Submitted by: bf <bf2006a@yahoo.com>
Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201
Notes
Notes:
svn path=/head/; revision=222775
Diffstat (limited to 'audio')
-rw-r--r-- | audio/faad/Makefile | 1 | ||||
-rw-r--r-- | audio/faad/files/patch-frontend_main.c | 17 |
2 files changed, 18 insertions, 0 deletions
diff --git a/audio/faad/Makefile b/audio/faad/Makefile index e65528d407e0..71f80a45b67b 100644 --- a/audio/faad/Makefile +++ b/audio/faad/Makefile @@ -7,6 +7,7 @@ PORTNAME= faad2 PORTVERSION= 2.6.1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} diff --git a/audio/faad/files/patch-frontend_main.c b/audio/faad/files/patch-frontend_main.c new file mode 100644 index 000000000000..71dd8693de4e --- /dev/null +++ b/audio/faad/files/patch-frontend_main.c @@ -0,0 +1,17 @@ +--- frontend/main.c.orig 2007-11-01 13:33:30.000000000 -0700 ++++ frontend/main.c 2008-09-16 11:01:40.000000000 -0700 +@@ -911,12 +911,14 @@ + if (sampleId == 0) dur = 0; + + if (useAacLength || (timescale != samplerate)) { + sample_count = frameInfo.samples; + } else { + sample_count = (unsigned int)(dur * frameInfo.channels); ++ if (sample_count > frameInfo.samples) ++ sample_count = frameInfo.samples; + + if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples)) + { + faad_fprintf(stderr, "MP4 seems to have incorrect frame duration, using values from AAC data.\n"); + useAacLength = 1; + sample_count = frameInfo.samples; |