Add upstream patches for
CVE-2014-8962: Heap buffer read overflow CVE-2014-9028: Heap buffer write overflow Security: a33addf6-74e6-11e4-a615-f8b156b6dcc8
parent
a3e895402b
commit
e3d2d609db
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=373432
@ -3,7 +3,7 @@
PORTNAME= flac
PORTVERSION= 1.3.0
PORTREVISION= 2
PORTREVISION= 3
CATEGORIES= audio
MASTER_SITES= http://downloads.xiph.org/releases/flac/
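--- a/audio/flac/files/patch-src_libFLAC_stream__decoder.c
+++ b/audio/flac/files/patch-src_libFLAC_stream__decoder.c
@@ -0,0 +1,32 @@
+--- src/libFLAC/stream_decoder.c.orig 2013-05-26 09:30:33 UTC
++++ src/libFLAC/stream_decoder.c
+@@ -71,7 +71,7 @@ FLAC_API int FLAC_API_SUPPORTS_OGG_FLAC
+*
+***********************************************************************/
+
+-static FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
++static const FLAC__byte ID3V2_TAG_[3] = { 'I', 'D', '3' };
+
+/***********************************************************************
+*
+@@ -1365,6 +1365,10 @@ FLAC__bool find_metadata_(FLAC__StreamDe
+id = 0;
+continue;
+}
++
++ if(id >= 3)
++ return false;
++
+if(x == ID3V2_TAG_[id]) {
+id++;
+i = 0;
+@@ -2705,7 +2709,8 @@ FLAC__bool read_residual_partitioned_ric
+if(decoder->private_->frame.header.blocksize < predictor_order) {
+send_error_to_client_(decoder, FLAC__STREAM_DECODER_ERROR_STATUS_LOST_SYNC);
+decoder->protected_->state = FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC;
+- return true;
++ /* We have received a potentially malicious bt stream. All we can do is error out to avoid a heap overflow. */
++ return false;
+}
+}
+else {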
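Review bot: The new bound check in find_metadata_ hard-codes `3`, which silently depends on the declared size of `ID3V2_TAG_`; tying the guard to the array keeps the indexed read in bounds if the tag table is ever changed: `if(id >= sizeof(ID3V2_TAG_) / sizeof(ID3V2_TAG_[0]))`. That early `return false;` also exits with no visible call to send_error_to_client_ and no state change, so a caller may be unable to tell a rejected stream from a plain read failure; this should be confirmed against the rest of the function, which lies outside the hunk. In the read_residual_partitioned_rice_ hunk the added comment has a typo (`bt stream` for `bit stream`), and the branch now sets FLAC__STREAM_DECODER_SEARCH_FOR_FRAME_SYNC yet returns false, so a short comment stating which of the two signals the caller should act on would help the next reader.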