From ebcb4f8797a1bd129402fa3c4ceae4b756fc91a2 Mon Sep 17 00:00:00 2001 From: Pav Lucistnik Date: Wed, 12 Nov 2008 16:31:27 +0000 Subject: - Fix a heap-based buffer overflow in the command-line frontend. It allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file. PR: ports/128512 Submitted by: bf Security: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201 --- audio/faad/Makefile | 1 + audio/faad/files/patch-frontend_main.c | 17 +++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 audio/faad/files/patch-frontend_main.c (limited to 'audio') diff --git a/audio/faad/Makefile b/audio/faad/Makefile index e65528d407e0..71f80a45b67b 100644 --- a/audio/faad/Makefile +++ b/audio/faad/Makefile @@ -7,6 +7,7 @@ PORTNAME= faad2 PORTVERSION= 2.6.1 +PORTREVISION= 1 PORTEPOCH= 1 CATEGORIES= audio MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} diff --git a/audio/faad/files/patch-frontend_main.c b/audio/faad/files/patch-frontend_main.c new file mode 100644 index 000000000000..71dd8693de4e --- /dev/null +++ b/audio/faad/files/patch-frontend_main.c @@ -0,0 +1,17 @@ +--- frontend/main.c.orig 2007-11-01 13:33:30.000000000 -0700 ++++ frontend/main.c 2008-09-16 11:01:40.000000000 -0700 +@@ -911,12 +911,14 @@ + if (sampleId == 0) dur = 0; + + if (useAacLength || (timescale != samplerate)) { + sample_count = frameInfo.samples; + } else { + sample_count = (unsigned int)(dur * frameInfo.channels); ++ if (sample_count > frameInfo.samples) ++ sample_count = frameInfo.samples; + + if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples)) + { + faad_fprintf(stderr, "MP4 seems to have incorrect frame duration, using values from AAC data.\n"); + useAacLength = 1; + sample_count = frameInfo.samples; -- cgit v1.2.3