authorA. Wilcox <AWilcox@Wilcox-Tech.com>2019-06-15 01:31:48 +0000
committerA. Wilcox <AWilcox@Wilcox-Tech.com>2019-06-15 01:31:48 +0000
commite446ae4ed1741bfd70d0e19487246ccf1593ffe1 (patch)
tree52ef8c6da0f52f14b48a9193719956c3610479cd /user/faad2/overflow.patch
parent07ca42fc3e09b01a85e6c9afe7d71ea4a9bcb409 (diff)
user/faad2: [sec] fix buffer overflows, via VLC
Diffstat (limited to 'user/faad2/overflow.patch')
-rw-r--r--user/faad2/overflow.patch25
1 files changed, 25 insertions, 0 deletions
diff --git a/user/faad2/overflow.patch b/user/faad2/overflow.patch
new file mode 100644
index 000000000..5a198f8d8
--- /dev/null
+++ b/user/faad2/overflow.patch
@@ -0,0 +1,25 @@
+--- faad2/libfaad/bits.c 2007-11-01 13:33:29.000000000 +0100
++++ faad2.new/libfaad/bits.c 2019-03-25 17:29:26.134199188 +0100
+@@ -167,7 +167,10 @@
+ int words = bits >> 5;
+ int remainder = bits & 0x1F;
+
+- ld->bytes_left = ld->buffer_size - words*4;
++ if (ld->buffer_size < words * 4)
++ ld->bytes_left = 0;
++ else
++ ld->bytes_left = ld->buffer_size - words*4;
+
+ if (ld->bytes_left >= 4)
+ {
+--- faad2/libfaad/syntax.c 2019-03-25 17:57:36.930937066 +0100
++++ faad2.new/libfaad/syntax.c 2019-03-25 17:49:26.135368525 +0100
+@@ -2292,6 +2292,8 @@
+ while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
+ DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
+ {
++ if (i >= MAX_CHANNELS - num_excl_chan - 7)
++ return n;
+ for (i = num_excl_chan; i < num_excl_chan+7; i++)
+ {
+ drc->exclude_mask[i] = faad_get1bit(ld
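Review bot: The guard added in the syntax.c hunk tests `i` before the `for` on the following line assigns it, so the value compared is whatever earlier code left in `i` (not visible here), and the bound it enforces is not the one the loop needs. The loop writes `exclude_mask[num_excl_chan]` through `exclude_mask[num_excl_chan+6]`, so the check reads more directly as `if (num_excl_chan + 7 > MAX_CHANNELS)` followed by `return n;`, assuming `exclude_mask` holds MAX_CHANNELS entries, which the hunk does not show. `additional_excluded_chns[n-1]` is also written in the `while` condition before the guard runs, so its bound should be confirmed against the declaration. The enclosing function starts and ends outside the hunk.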