author | martin <martin@pkgsrc.org> | 2018-10-12 13:51:59 +0000 |
---|---|---|
committer | martin <martin@pkgsrc.org> | 2018-10-12 13:51:59 +0000 |
commit | 45764639f27d583952bfc894e2f6d5cb86b8a2c7 (patch) | |
tree | 77fe49cdc98dd89115ae39f364277d980fb465da /audio | |
parent | 7f0d9cb69f187865031665695012828917e90390 (diff) | |
download | pkgsrc-45764639f27d583952bfc894e2f6d5cb86b8a2c7.tar.gz |
Fix a buffer overflow caused by miscalculation of the maximal
VBR header size. Bump revision.
Diffstat (limited to 'audio')
-rw-r--r-- | audio/id3lib/Makefile | 4 | ||||
-rw-r--r-- | audio/id3lib/distinfo | 3 | ||||
-rw-r--r-- | audio/id3lib/patches/patch-src__mp3_parse.cpp | 17 |
3 files changed, 21 insertions, 3 deletions
diff --git a/audio/id3lib/Makefile b/audio/id3lib/Makefile
index 2f5f994c3c8..d5689a0064f 100644
--- a/audio/id3lib/Makefile
+++ b/audio/id3lib/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.34 2018/01/26 10:32:36 jperkin Exp $
+# $NetBSD: Makefile,v 1.35 2018/10/12 13:51:59 martin Exp $
 #
 DISTNAME= id3lib-3.8.3
-PKGREVISION= 5
+PKGREVISION= 6
 CATEGORIES= audio
 MASTER_SITES= ${MASTER_SITE_SOURCEFORGE:=id3lib/}
diff --git a/audio/id3lib/distinfo b/audio/id3lib/distinfo
index b63ce552a27..dd45901ef43 100644
--- a/audio/id3lib/distinfo
+++ b/audio/id3lib/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.21 2015/11/03 01:12:35 agc Exp $
+$NetBSD: distinfo,v 1.22 2018/10/12 13:51:59 martin Exp $
 SHA1 (id3lib-3.8.3.tar.gz) = c92c880da41d1ec0b242745a901702ae87970838
 RMD160 (id3lib-3.8.3.tar.gz) = bfa2499ec649ed40815ad0a370c78eb1517952c4
@@ -17,3 +17,4 @@ SHA1 (patch-as) = 50ca42926c603361864bf2891d6b4e01e7f59ade
 SHA1 (patch-at) = f5ab25d72d3d6e47c1710bbc17dd0cd0749a0b22
 SHA1 (patch-au) = 2d96d6cadaf8b1055337da6a5f85070ea6222583
 SHA1 (patch-av) = e54c0839ecfe4e3f70758e334666717b5a3b396f
+SHA1 (patch-src__mp3_parse.cpp) = 874614302be7cdcb9b95e8b32e17b488cdf21359
diff --git a/audio/id3lib/patches/patch-src__mp3_parse.cpp b/audio/id3lib/patches/patch-src__mp3_parse.cpp
new file mode 100644
index 00000000000..161a82a3b9b
--- /dev/null
+++ b/audio/id3lib/patches/patch-src__mp3_parse.cpp
@@ -0,0 +1,17 @@
+$NetBSD: patch-src__mp3_parse.cpp,v 1.1 2018/10/12 13:51:59 martin Exp $
+
+Fix a miscalculation of the VBR maximal header size,
+upstream has already been notified (there is a user
+review about this issue)
+
+--- src/mp3_parse.cpp.orig 2003-03-02 01:23:00.000000000 +0100
++++ src/mp3_parse.cpp 2018-10-12 15:46:21.863323611 +0200
+@@ -465,7 +465,7 @@ bool Mp3Info::Parse(ID3_Reader& reader,
+ // from http://www.xingtech.com/developer/mp3/
+
+ const size_t VBR_HEADER_MIN_SIZE = 8; // "xing" + flags are fixed
+- const size_t VBR_HEADER_MAX_SIZE = 116; // frames, bytes, toc and scale are optional
++ const size_t VBR_HEADER_MAX_SIZE = 120; // frames, bytes, toc and scale are optional
+
+ if (mp3size >= vbr_header_offest + VBR_HEADER_MIN_SIZE)
+ { |
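Review bot: The corrected `VBR_HEADER_MAX_SIZE = 120` is still a hand-summed literal, which is presumably how the old 116 ended up one 4-byte field short. Spelling the sum out makes the bound checkable against the fields named in the comments, e.g. `const size_t VBR_HEADER_MAX_SIZE = VBR_HEADER_MIN_SIZE + 4 + 4 + 100 + 4; // + frames, bytes, toc, scale`. The buffer this constant sizes and the reads of the optional fields sit in Mp3Info::Parse outside the hunk, so it cannot be confirmed from here that each read is also bounded by the bytes actually available in the file. The patch header says upstream was notified but carries no report reference; a URL or tracker id there would tell a later maintainer when the patch can be dropped.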