Fix for faad2 decodeMP4file() heap overflow. If the sample count looks

insane, it may as well be insane. Also bump PKGREVISION.
author: tonnerre <tonnerre> 2008-09-24 22:25:14 +0000
committer: tonnerre <tonnerre> 2008-09-24 22:25:14 +0000
commit: 30593829bb20b80eb0522b6327e5d5aef9cb4613 (patch)
tree: c860c10cb926d74e820ef1aebf316e91979e0572 /audio/faad2/patches
parent: 5ca89eb828fab7fcbe3ddf349584b20d1e36214a (diff)
download: pkgsrc-30593829bb20b80eb0522b6327e5d5aef9cb4613.tar.gz
1 files changed, 12 insertions, 3 deletions
diff --git a/audio/faad2/patches/patch-at b/audio/faad2/patches/patch-at
index ee0daa51012..1822fd370f0 100644
--- a/audio/faad2/patches/patch-at
+++ b/audio/faad2/patches/patch-at
@@ -1,8 +1,17 @@
-$NetBSD: patch-at,v 1.1 2007/12/09 10:55:37 drochner Exp $
+$NetBSD: patch-at,v 1.2 2008/09/24 22:25:14 tonnerre Exp $
 
---- frontend/main.c.orig	2007-12-08 17:49:45.000000000 +0100
+--- frontend/main.c.orig	2007-11-01 13:33:29.000000000 +0100
 +++ frontend/main.c
-@@ -1189,11 +1189,13 @@ int main(int argc, char *argv[])
+@@ -914,6 +914,8 @@ int decodeMP4file(char *mp4file, char *s
+                 sample_count = frameInfo.samples;
+             } else {
+                 sample_count = (unsigned int)(dur * frameInfo.channels);
++		if (sample_count > frameInfo.samples)
++			sample_count = frameInfo.samples;
+ 
+                 if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+                 {
+@@ -1189,11 +1191,13 @@ int main(int argc, char *argv[])
          return 1;
      }
author	tonnerre <tonnerre>	2008-09-24 22:25:14 +0000
committer	tonnerre <tonnerre>	2008-09-24 22:25:14 +0000
commit	30593829bb20b80eb0522b6327e5d5aef9cb4613 (patch)
tree	c860c10cb926d74e820ef1aebf316e91979e0572 /audio/faad2/patches
parent	5ca89eb828fab7fcbe3ddf349584b20d1e36214a (diff)
download	pkgsrc-30593829bb20b80eb0522b6327e5d5aef9cb4613.tar.gz