From 30593829bb20b80eb0522b6327e5d5aef9cb4613 Mon Sep 17 00:00:00 2001
From: tonnerre <tonnerre>
Date: Wed, 24 Sep 2008 22:25:14 +0000
Subject: Fix for faad2 decodeMP4file() heap overflow. If the sample count
 looks insane, it may as well be insane. Also bump PKGREVISION.

---
 audio/faad2/patches/patch-at | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

(limited to 'audio/faad2/patches')

diff --git a/audio/faad2/patches/patch-at b/audio/faad2/patches/patch-at
index ee0daa51012..1822fd370f0 100644
--- a/audio/faad2/patches/patch-at
+++ b/audio/faad2/patches/patch-at
@@ -1,8 +1,17 @@
-$NetBSD: patch-at,v 1.1 2007/12/09 10:55:37 drochner Exp $
+$NetBSD: patch-at,v 1.2 2008/09/24 22:25:14 tonnerre Exp $
 
---- frontend/main.c.orig	2007-12-08 17:49:45.000000000 +0100
+--- frontend/main.c.orig	2007-11-01 13:33:29.000000000 +0100
 +++ frontend/main.c
-@@ -1189,11 +1189,13 @@ int main(int argc, char *argv[])
+@@ -914,6 +914,8 @@ int decodeMP4file(char *mp4file, char *s
+                 sample_count = frameInfo.samples;
+             } else {
+                 sample_count = (unsigned int)(dur * frameInfo.channels);
++		if (sample_count > frameInfo.samples)
++			sample_count = frameInfo.samples;
+ 
+                 if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+                 {
+@@ -1189,11 +1191,13 @@ int main(int argc, char *argv[])
          return 1;
      }
  
-- 
cgit v1.2.3