Date:      Sat, 1 Nov 2008 03:08:16 GMT
From:      bf <bf2006a@yahoo.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/128512: [PATCH]audio/faad: fix buffer overflow in command-line frontend
Message-ID:  <200811010308.mA138GE6090589@www.freebsd.org>
Resent-Message-ID: <200811010310.mA13A1Di090464@freefall.freebsd.org>


>Number:         128512
>Category:       ports
>Synopsis:       [PATCH]audio/faad: fix buffer overflow in command-line frontend
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Nov 01 03:10:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     bf
>Release:        7-STABLE i386
>Organization:
-
>Environment:
>Description:
Add an upstream patch for CVE-2008-4201, and bump portrevision:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4201
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

diff -ruN faad.orig/Makefile faad/Makefile
--- faad.orig/Makefile	2008-08-21 02:16:16.000000000 -0400
+++ faad/Makefile	2008-09-30 03:22:44.810871000 -0400
@@ -7,6 +7,7 @@
 
 PORTNAME=	faad2
 PORTVERSION=	2.6.1
+PORTREVISION=	1
 PORTEPOCH=	1
 CATEGORIES=	audio
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
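Review bot: nothing in this Makefile hunk records why PORTREVISION goes to 1; the only link to CVE-2008-4201 is the PR description. Name the CVE in the commit log so the revision bump, which flags installed faad2 2.6.1 packages for rebuild, can be traced to the fix added in files/patch-frontend_main.c.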
diff -ruN faad.orig/files/patch-frontend_main.c faad/files/patch-frontend_main.c
--- faad.orig/files/patch-frontend_main.c	1969-12-31 19:00:00.000000000 -0500
+++ faad/files/patch-frontend_main.c	2008-09-30 03:29:10.586802000 -0400
@@ -0,0 +1,17 @@
+--- frontend/main.c.orig	2007-11-01 13:33:30.000000000 -0700
++++ frontend/main.c	2008-09-16 11:01:40.000000000 -0700
+@@ -911,12 +911,14 @@
+             if (sampleId == 0) dur = 0;
+ 
+             if (useAacLength || (timescale != samplerate)) {
+                 sample_count = frameInfo.samples;
+             } else {
+                 sample_count = (unsigned int)(dur * frameInfo.channels);
++                if (sample_count > frameInfo.samples)
++                    sample_count = frameInfo.samples;
+ 
+                 if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+                 {
+                     faad_fprintf(stderr, "MP4 seems to have incorrect frame duration, using values from AAC data.\n");
+                     useAacLength = 1;
+                     sample_count = frameInfo.samples;
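Review bot: the clamp added after the sample_count = (unsigned int)(dur * frameInfo.channels) assignment runs before the sample_count != frameInfo.samples test just below it, so a file whose duration yields a count larger than frameInfo.samples reaches that test already equal to it, and the "MP4 seems to have incorrect frame duration" warning and the switch to useAacLength = 1 are skipped for exactly the oversized case. If that is intended, say so in a comment on the two added lines; otherwise run the comparison on the unclamped value and clamp afterwards. The bound itself, frameInfo.samples, is the same value the useAacLength branch already assigns, so the two paths now agree on the maximum.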


>Release-Note:
>Audit-Trail:
>Unformatted:


