vlc/vlc-3.0 | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Tue Mar 26 10:23:22 2019 +0100| [46ba007cac64adc21ec9ab390ccf8c3a14ed6a19] | committer: Hugo Beauzée-Luyssen
contrib: faad2: Fix a couple buffer overflows https://hackerone.com/reports/502816 https://hackerone.com/reports/507858 (cherry picked from commit 16d40d9f8a57b6bdd01b8ee0ecf5147547d5953c) Signed-off-by: Hugo Beauzée-Luyssen <[email protected]> > http://git.videolan.org/gitweb.cgi/vlc/vlc-3.0.git/?a=commit;h=46ba007cac64adc21ec9ab390ccf8c3a14ed6a19
---
contrib/src/faad2/faad2-fix-overflows.patch | 25 +++++++++++++++++++++++++
contrib/src/faad2/rules.mak | 1 +
2 files changed, 26 insertions(+)
diff --git a/contrib/src/faad2/faad2-fix-overflows.patch b/contrib/src/faad2/faad2-fix-overflows.patch
new file mode 100644
index 0000000000..5a198f8d8f
--- /dev/null
+++ b/contrib/src/faad2/faad2-fix-overflows.patch
@@ -0,0 +1,25 @@
+--- faad2/libfaad/bits.c 2007-11-01 13:33:29.000000000 +0100
++++ faad2.new/libfaad/bits.c 2019-03-25 17:29:26.134199188 +0100
+@@ -167,7 +167,10 @@
+ int words = bits >> 5;
+ int remainder = bits & 0x1F;
+
+- ld->bytes_left = ld->buffer_size - words*4;
++ if (ld->buffer_size < words * 4)
++ ld->bytes_left = 0;
++ else
++ ld->bytes_left = ld->buffer_size - words*4;
+
+ if (ld->bytes_left >= 4)
+ {
+--- faad2/libfaad/syntax.c 2019-03-25 17:57:36.930937066 +0100
++++ faad2.new/libfaad/syntax.c 2019-03-25 17:49:26.135368525 +0100
+@@ -2292,6 +2292,8 @@
+ while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
+ DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
+ {
++ if (i >= MAX_CHANNELS - num_excl_chan - 7)
++ return n;
+ for (i = num_excl_chan; i < num_excl_chan+7; i++)
+ {
+ drc->exclude_mask[i] = faad_get1bit(ld
diff --git a/contrib/src/faad2/rules.mak b/contrib/src/faad2/rules.mak
index 39d4a98514..301ebd5d8e 100644
--- a/contrib/src/faad2/rules.mak
+++ b/contrib/src/faad2/rules.mak
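Review bot: In the syntax.c part of the embedded patch, the new guard `if (i >= MAX_CHANNELS - num_excl_chan - 7)` reads `i` before the `for` on the next line resets it to `num_excl_chan`, so the bound depends on whatever `i` held on entry to the loop body, which is set outside the hunk. The loop writes `exclude_mask[num_excl_chan]` through `exclude_mask[num_excl_chan+6]`, so the check would be clearer and self-contained on that variable, e.g. `if (num_excl_chan > MAX_CHANNELS - 7) return n;` (assuming `exclude_mask` holds `MAX_CHANNELS` entries, which the hunk does not show). If `i` does equal `num_excl_chan` at that point, the guard as written appears to stop well before the end of the array and so also rejects channel counts that would fit; a comment explaining the intended limit would help either way. In the bits.c part, `words * 4` is computed in `int`, so if `bits` can be negative or very large the comparison against `ld->buffer_size` may not behave as intended; stating the expected range of `bits` in a comment, or checking it first, would close that gap. Both function bodies begin and end outside the hunk.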
@@ -24,6 +24,7 @@ endif $(APPLY) $(SRC)/faad2/faad2-fix-71wPCEmapping.patch $(APPLY) $(SRC)/faad2/faad2-fix-cpe-reconstruction.patch $(APPLY) $(SRC)/faad2/faad2-add-define.patch + $(APPLY) $(SRC)/faad2/faad2-fix-overflows.patch cd $(UNPACK_DIR) && $(CC) -iquote . -E - </dev/null || sed -i 's/-iquote /-I/' libfaad/Makefile.am $(MOVE) _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
