head	1.1;
access;
symbols
	pkgsrc-2013Q2:1.1.0.12
	pkgsrc-2013Q2-base:1.1
	pkgsrc-2012Q4:1.1.0.10
	pkgsrc-2012Q4-base:1.1
	pkgsrc-2011Q4:1.1.0.8
	pkgsrc-2011Q4-base:1.1
	pkgsrc-2011Q2:1.1.0.6
	pkgsrc-2011Q2-base:1.1
	pkgsrc-2009Q4:1.1.0.4
	pkgsrc-2009Q4-base:1.1
	pkgsrc-2008Q4:1.1.0.2;
locks; strict;
comment	@# @;


1.1
date	2009.03.04.23.17.09;	author tron;	state dead;
branches
	1.1.2.1;
next	;

1.1.2.1
date	2009.03.04.23.17.09;	author tron;	state Exp;
branches;
next	;


desc
@@


1.1
log
@file patch-ai was initially added on branch pkgsrc-2008Q4.
@
text
@@


1.1.2.1
log
@Pullup ticket #2717 - requested by tnn
libsndfile: security patch

Add patch to fix the vulnerability reported in CVE-2009-0186.
@
text
@a0 18
$NetBSD$

Fix for CVE-2009-0186.

--- src/caf.c.orig	2006-08-31 11:22:07.000000000 +0200
+++ src/caf.c
@@@@ -282,6 +282,11 @@@@ caf_read_header (SF_PRIVATE *psf)
 			"  Frames / packet  : %u\n  Channels / frame : %u\n  Bits / channel   : %u\n",
 			desc.fmt_id, desc.fmt_flags, desc.pkt_bytes, desc.pkt_frames, desc.channels_per_frame, desc.bits_per_chan) ;
 
+	if (desc.channels_per_frame > 200)
+	{	psf_log_printf (psf, "**** Bad channels per frame value %u.\n", desc.channels_per_frame) ;
+		return SFE_MALFORMED_FILE ;
+		} ;
+
 	if (chunk_size > SIGNED_SIZEOF (DESC_CHUNK))
 		psf_binheader_readf (psf, "j", (int) (chunk_size - sizeof (DESC_CHUNK))) ;
 
@