
Bug#930153: unblock: faad2/2.8.8-3



Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package faad2. The new version includes a fix for some
buffer overflows. See
http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security for the
details.

unblock faad2/2.8.8-3

The full debdiff is attached.

Cheers
-- 
Sebastian Ramacher
diff -Nru faad2-2.8.8/debian/changelog faad2-2.8.8/debian/changelog
--- faad2-2.8.8/debian/changelog	2019-04-17 11:50:29.000000000 +0200
+++ faad2-2.8.8/debian/changelog	2019-06-07 20:07:34.000000000 +0200
@@ -1,3 +1,10 @@
+faad2 (2.8.8-3) unstable; urgency=high
+
+  * Team upload.
+  * debian/patches: Cherry-pick patch to fix buffer overflows from VLC.
+
+ -- Sebastian Ramacher <sramacher@debian.org>  Fri, 07 Jun 2019 20:07:34 +0200
+
 faad2 (2.8.8-2) unstable; urgency=medium
 
   [ Ondřej Nový ]
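
Review bot: The 2.8.8-3 entry says only that a patch was cherry-picked from VLC; it names neither the patch file (0004-Fix-a-couple-buffer-overflows.patch) nor the two HackerOne reports cited in that patch's header. With urgency=high, adding those references to the changelog line would let someone reading the changelog alone tell what was fixed.
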
diff -Nru faad2-2.8.8/debian/patches/0004-Fix-a-couple-buffer-overflows.patch faad2-2.8.8/debian/patches/0004-Fix-a-couple-buffer-overflows.patch
--- faad2-2.8.8/debian/patches/0004-Fix-a-couple-buffer-overflows.patch	1970-01-01 01:00:00.000000000 +0100
+++ faad2-2.8.8/debian/patches/0004-Fix-a-couple-buffer-overflows.patch	2019-06-07 20:03:24.000000000 +0200
@@ -0,0 +1,40 @@
+From: =?utf-8?q?Hugo_Beauz=C3=A9e-Luyssen?= <hugo@beauzee.fr>
+Date: Fri, 7 Jun 2019 20:02:57 +0200
+Subject: Fix a couple buffer overflows
+
+https://hackerone.com/reports/502816
+https://hackerone.com/reports/507858
+---
+ libfaad/bits.c   | 5 ++++-
+ libfaad/syntax.c | 2 ++
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/libfaad/bits.c b/libfaad/bits.c
+index dc14d7a..4c0de24 100644
+--- a/libfaad/bits.c
++++ b/libfaad/bits.c
+@@ -167,7 +167,10 @@ void faad_resetbits(bitfile *ld, int bits)
+     int words = bits >> 5;
+     int remainder = bits & 0x1F;
+ 
+-    ld->bytes_left = ld->buffer_size - words*4;
++    if (ld->buffer_size < words * 4)
++        ld->bytes_left = 0;
++    else
++        ld->bytes_left = ld->buffer_size - words*4;
+ 
+     if (ld->bytes_left >= 4)
+     {
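
Review bot: In faad_resetbits the new guard compares ld->buffer_size against words * 4, but words is derived from the signed int parameter bits, and nothing in the hunk rejects a negative bits. The type of buffer_size is not visible here, so whether a negative words ends up clamped to 0 or makes bytes_left larger than buffer_size depends on it; an explicit bits < 0 check before the subtraction would remove that dependency. Also, only the bytes_left >= 4 branch is shown, so confirm that the code following it does not still read the buffer at the words offset when bytes_left has been forced to 0.
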
+diff --git a/libfaad/syntax.c b/libfaad/syntax.c
+index e7fb113..c992543 100644
+--- a/libfaad/syntax.c
++++ b/libfaad/syntax.c
+@@ -2304,6 +2304,8 @@ static uint8_t excluded_channels(bitfile *ld, drc_info *drc)
+     while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
+         DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
+     {
++        if (i >= MAX_CHANNELS - num_excl_chan - 7)
++            return n;
+         for (i = num_excl_chan; i < num_excl_chan+7; i++)
+         {
+             drc->exclude_mask[i] = faad_get1bit(ld
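
Review bot: In excluded_channels the added check tests i, but at that point in the loop body i has not yet been assigned for this iteration; the for statement on the next line is what sets i = num_excl_chan. The check therefore depends on whatever value earlier code left in i, which the hunk does not show. Since the loop writes drc->exclude_mask[num_excl_chan] through drc->exclude_mask[num_excl_chan+6], bounding num_excl_chan + 7 directly against the size of exclude_mask would state the intent without relying on a stale i. Note too that additional_excluded_chns[n-1] is written in the while condition before the check runs, and no bound on n is visible here.
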
diff -Nru faad2-2.8.8/debian/patches/series faad2-2.8.8/debian/patches/series
--- faad2-2.8.8/debian/patches/series	2019-04-17 11:47:12.000000000 +0200
+++ faad2-2.8.8/debian/patches/series	2019-06-07 20:03:24.000000000 +0200
@@ -1,3 +1,4 @@
 reproducible-build.patch
 0009-syntax.c-check-for-syntax-element-inconsistencies.patch
 0010-sbr_hfadj-sanitize-frequency-band-borders.patch
+0004-Fix-a-couple-buffer-overflows.patch
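
Review bot: The new series entry carries the prefix 0004 but is appended after 0009 and 0010, so the number no longer reflects the order in which the patches are applied. If it is meant to apply on top of the other two, renumbering it (or dropping the numeric prefix) would avoid suggesting it can be moved ahead of them.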
