diff options
| author | ghen <ghen@pkgsrc.org> | 2008-01-29 14:05:51 +0000 |
|---|---|---|
| committer | ghen <ghen@pkgsrc.org> | 2008-01-29 14:05:51 +0000 |
| commit | 1091d842e8b8385962f933c677c7756fb62e5117 (patch) | |
| tree | d580d23148ed2031cb64a14637d149c29b11ce2e /audio/libsndfile/patches/patch-ba | |
| parent | af0f09ed1d5c26828a3f32c4e7f57ff6b86c9def (diff) | |
| download | pkgsrc-1091d842e8b8385962f933c677c7756fb62e5117.tar.gz | |
Pullup ticket 2281 - requested by drochner
security fix for libsndfile
- pkgsrc/audio/libsndfile/Makefile 1.44
- pkgsrc/audio/libsndfile/distinfo 1.23
- pkgsrc/audio/libsndfile/patches/patch-ba 1.1
Module Name: pkgsrc
Committed By: drochner
Date: Mon Jan 7 17:34:38 UTC 2008
Modified Files:
pkgsrc/audio/libsndfile: Makefile distinfo
Added Files:
pkgsrc/audio/libsndfile/patches: patch-ba
Log Message:
fix CVE-2007-4974 (buffer overflow), patch from Gentoo
bump PKGREVISION
Diffstat (limited to 'audio/libsndfile/patches/patch-ba')
| -rw-r--r-- | audio/libsndfile/patches/patch-ba | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/audio/libsndfile/patches/patch-ba b/audio/libsndfile/patches/patch-ba new file mode 100644 index 00000000000..916f77f8614 --- /dev/null +++ b/audio/libsndfile/patches/patch-ba @@ -0,0 +1,40 @@ +$NetBSD: patch-ba,v 1.1.2.2 2008/01/29 14:05:51 ghen Exp $ + +--- src/flac.c.orig 2008-01-03 17:13:00.000000000 +0100 ++++ src/flac.c +@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf) + ** Private static functions. + */ + +-#define ENC_BUFFER_SIZE 4096 ++#define ENC_BUFFER_SIZE 8192 + + typedef enum + { PFLAC_PCM_SHORT = 0, +@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf) + const FLAC__int32* const *buffer = pflac->wbuffer ; + unsigned i = 0, j, offset ; + ++ /* ++ ** frame->header.blocksize is variable and we're using a constant blocksize ++ ** of FLAC__MAX_BLOCK_SIZE. ++ ** Check our assumptions here. ++ */ ++ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE) ++ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ; ++ psf->error = SFE_INTERNAL ; ++ return 0 ; ++ } ; ++ + if (pflac->ptr == NULL) + { /* + ** Not sure why this code is here and not elsewhere. +@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf) + pflac->bufferbackup = SF_TRUE ; + for (i = 0 ; i < frame->header.channels ; i++) + { if (pflac->rbuffer [i] == NULL) +- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ; ++ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ; + memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ; + } ; + pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ; |