From 1fc68b901cf6804f0ebc112bc13450971a693542 Mon Sep 17 00:00:00 2001
From: tron
Date: Thu, 6 Jan 2005 12:04:08 +0000
Subject: Fix buffer overflow reported in CAN-2004-1300, bump package revision.
---
multimedia/xine-lib/patches/patch-aj | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 multimedia/xine-lib/patches/patch-aj
(limited to 'multimedia/xine-lib/patches')
diff --git a/multimedia/xine-lib/patches/patch-aj b/multimedia/xine-lib/patches/patch-aj
new file mode 100644
index 00000000000..db322b5b108
--- /dev/null
+++ b/multimedia/xine-lib/patches/patch-aj
@@ -0,0 +1,14 @@
+$NetBSD: patch-aj,v 1.3 2005/01/06 12:04:08 tron Exp $
+
+--- src/demuxers/demux_aiff.c.orig 2004-06-13 22:28:52.000000000 +0100
++++ src/demuxers/demux_aiff.c 2005-01-06 11:38:44.000000000 +0000
+@@ -122,7 +122,8 @@
+ chunk_size = BE_32(&preamble[4]);
+
+ if (chunk_type == COMM_TAG) {
+- if (this->input->read(this->input, buffer, chunk_size) !=
++ if (chunk_size > sizeof (buffer) ||
++ this->input->read(this->input, buffer, chunk_size) !=
+ chunk_size) {
+ this->status = DEMUX_FINISHED;
+ return 0;
-- cgit v1.2.3
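Review bot: The added guard in the COMM_TAG branch of the embedded demux_aiff.c hunk bounds `chunk_size` only from above, so a file-supplied COMM chunk shorter than whatever the code after the read parses out of `buffer` would still be accepted and leave the tail of `buffer` unfilled. That parsing code lies outside the hunk, so this is inferred; if it reads fixed offsets, add a lower bound as well, e.g. `if (chunk_size < COMM_MIN_LEN || chunk_size > sizeof (buffer) ||`, where `COMM_MIN_LEN` is a placeholder for the highest offset actually read. The declaration of `chunk_size` is also not visible: if it is signed, rejecting negative values depends on the implicit conversion to `size_t` in the comparison, which deserves a comment such as `/* chunk_size is file-controlled; must fit buffer before it is used as a read length */`. The enclosing function starts and ends outside the hunk.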