pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/audio/libsndfile fix CVE-2007-4974 (buffer overflow), ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/eeae3a563611
branches: trunk
changeset: 537379:eeae3a563611
user: drochner <drochner%pkgsrc.org@localhost>
date: Mon Jan 07 17:34:37 2008 +0000
description:
fix CVE-2007-4974 (buffer overflow), patch from Gentoo
bump PKGREVISION
diffstat:
audio/libsndfile/Makefile | 4 +-
audio/libsndfile/distinfo | 3 +-
audio/libsndfile/patches/patch-ba | 40 +++++++++++++++++++++++++++++++++++++++
3 files changed, 44 insertions(+), 3 deletions(-)
diffs (71 lines):
diff -r 5cf66d781905 -r eeae3a563611 audio/libsndfile/Makefile
--- a/audio/libsndfile/Makefile Mon Jan 07 15:51:08 2008 +0000
+++ b/audio/libsndfile/Makefile Mon Jan 07 17:34:37 2008 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.43 2007/11/04 16:00:02 agc Exp $
+# $NetBSD: Makefile,v 1.44 2008/01/07 17:34:37 drochner Exp $
DISTNAME= libsndfile-1.0.17
-PKGREVISION= 1
+PKGREVISION= 2
CATEGORIES= audio
MASTER_SITES= http://www.mega-nerd.com/libsndfile/
diff -r 5cf66d781905 -r eeae3a563611 audio/libsndfile/distinfo
--- a/audio/libsndfile/distinfo Mon Jan 07 15:51:08 2008 +0000
+++ b/audio/libsndfile/distinfo Mon Jan 07 17:34:37 2008 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.22 2007/01/07 15:02:16 wiz Exp $
+$NetBSD: distinfo,v 1.23 2008/01/07 17:34:37 drochner Exp $
SHA1 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = 10e0d19dfc8cf2a6bf499e0fa0d1ab17dca4c519
RMD160 (libsndfile-1.0.17+flac-1.1.3.patch.bz2) = fc6e6f03069c1ad8ee43f600f6ac2aa6e97bb1f5
@@ -14,3 +14,4 @@
SHA1 (patch-af) = 9ac0dd446a2f24c2d39e20063489a3b778fcda36
SHA1 (patch-ag) = 10d0fcda9377fc6afa2dce9e4782f49889a4f4a3
SHA1 (patch-ah) = 8c936316ca1191f8893579a562ff705c8dde6f92
+SHA1 (patch-ba) = 92ec08d4e021f121d2255760d601625df71e3805
diff -r 5cf66d781905 -r eeae3a563611 audio/libsndfile/patches/patch-ba
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/audio/libsndfile/patches/patch-ba Mon Jan 07 17:34:37 2008 +0000
@@ -0,0 +1,40 @@
+$NetBSD: patch-ba,v 1.1 2008/01/07 17:34:37 drochner Exp $
+
+--- src/flac.c.orig 2008-01-03 17:13:00.000000000 +0100
++++ src/flac.c
+@@ -57,7 +57,7 @@ flac_open (SF_PRIVATE *psf)
+ ** Private static functions.
+ */
+
+-#define ENC_BUFFER_SIZE 4096
++#define ENC_BUFFER_SIZE 8192
+
+ typedef enum
+ { PFLAC_PCM_SHORT = 0,
+@@ -202,6 +202,17 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ const FLAC__int32* const *buffer = pflac->wbuffer ;
+ unsigned i = 0, j, offset ;
+
++ /*
++ ** frame->header.blocksize is variable and we're using a constant blocksize
++ ** of FLAC__MAX_BLOCK_SIZE.
++ ** Check our assumptions here.
++ */
++ if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE)
++ { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ;
++ psf->error = SFE_INTERNAL ;
++ return 0 ;
++ } ;
++
+ if (pflac->ptr == NULL)
+ { /*
+ ** Not sure why this code is here and not elsewhere.
+@@ -210,7 +221,7 @@ flac_buffer_copy (SF_PRIVATE *psf)
+ pflac->bufferbackup = SF_TRUE ;
+ for (i = 0 ; i < frame->header.channels ; i++)
+ { if (pflac->rbuffer [i] == NULL)
+- pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ;
++ pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ;
+ memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ;
+ } ;
+ pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ;
Home |
Main Index |
Thread Index |
Old Index