head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.10 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.8 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.6 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.4 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.2 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.1.0.14 pkgsrc-2008Q4-base:1.1 pkgsrc-2008Q3:1.1.0.12 pkgsrc-2008Q3-base:1.1 cube-native-xorg:1.1.0.10 cube-native-xorg-base:1.1 pkgsrc-2008Q2:1.1.0.8 pkgsrc-2008Q2-base:1.1 cwrapper:1.1.0.6 pkgsrc-2008Q1:1.1.0.4 pkgsrc-2008Q1-base:1.1 pkgsrc-2007Q4:1.1.0.2; locks; strict; comment @# @; 1.2 date 2009.02.21.13.20.45; author wiz; state dead; branches; next 1.1; 1.1 date 2008.01.07.17.34.37; author drochner; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.01.07.17.34.37; author ghen; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.01.29.14.05.51; author ghen; state Exp; branches; next ; desc @@ 1.2 log @Update to 1.0.18: Version 1.0.18 (2009-02-07) * Add Ogg/Vorbis support (thanks to John ffitch). * Remove captive FLAC library. * Many new features and bug fixes. * Generate Win32 and Win64 pre-compiled binaries. Add ogg and vorbis dependencies to bl3.mk and increase ABI depends. @ text @$NetBSD: patch-ba,v 1.1 2008/01/07 17:34:37 drochner Exp $ --- src/flac.c.orig 2008-01-03 17:13:00.000000000 +0100 +++ src/flac.c @@@@ -57,7 +57,7 @@@@ flac_open (SF_PRIVATE *psf) ** Private static functions. */ -#define ENC_BUFFER_SIZE 4096 +#define ENC_BUFFER_SIZE 8192 typedef enum { PFLAC_PCM_SHORT = 0, @@@@ -202,6 +202,17 @@@@ flac_buffer_copy (SF_PRIVATE *psf) const FLAC__int32* const *buffer = pflac->wbuffer ; unsigned i = 0, j, offset ; + /* + ** frame->header.blocksize is variable and we're using a constant blocksize + ** of FLAC__MAX_BLOCK_SIZE. + ** Check our assumptions here. + */ + if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE) + { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ; + psf->error = SFE_INTERNAL ; + return 0 ; + } ; + if (pflac->ptr == NULL) { /* ** Not sure why this code is here and not elsewhere. @@@@ -210,7 +221,7 @@@@ flac_buffer_copy (SF_PRIVATE *psf) pflac->bufferbackup = SF_TRUE ; for (i = 0 ; i < frame->header.channels ; i++) { if (pflac->rbuffer [i] == NULL) - pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ; + pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ; memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ; } ; pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ; @ 1.1 log @fix CVE-2007-4974 (buffer overflow), patch from Gentoo bump PKGREVISION @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-ba was added on branch pkgsrc-2007Q4 on 2008-01-29 14:05:51 +0000 @ text @d1 40 @ 1.1.2.2 log @Pullup ticket 2281 - requested by drochner security fix for libsndfile - pkgsrc/audio/libsndfile/Makefile 1.44 - pkgsrc/audio/libsndfile/distinfo 1.23 - pkgsrc/audio/libsndfile/patches/patch-ba 1.1 Module Name: pkgsrc Committed By: drochner Date: Mon Jan 7 17:34:38 UTC 2008 Modified Files: pkgsrc/audio/libsndfile: Makefile distinfo Added Files: pkgsrc/audio/libsndfile/patches: patch-ba Log Message: fix CVE-2007-4974 (buffer overflow), patch from Gentoo bump PKGREVISION @ text @a0 40 $NetBSD$ --- src/flac.c.orig 2008-01-03 17:13:00.000000000 +0100 +++ src/flac.c @@@@ -57,7 +57,7 @@@@ flac_open (SF_PRIVATE *psf) ** Private static functions. */ -#define ENC_BUFFER_SIZE 4096 +#define ENC_BUFFER_SIZE 8192 typedef enum { PFLAC_PCM_SHORT = 0, @@@@ -202,6 +202,17 @@@@ flac_buffer_copy (SF_PRIVATE *psf) const FLAC__int32* const *buffer = pflac->wbuffer ; unsigned i = 0, j, offset ; + /* + ** frame->header.blocksize is variable and we're using a constant blocksize + ** of FLAC__MAX_BLOCK_SIZE. + ** Check our assumptions here. + */ + if (frame->header.blocksize > FLAC__MAX_BLOCK_SIZE) + { psf_log_printf (psf, "Ooops : frame->header.blocksize (%d) > FLAC__MAX_BLOCK_SIZE (%d)\n", __func__, __LINE__, frame->header.blocksize, FLAC__MAX_BLOCK_SIZE) ; + psf->error = SFE_INTERNAL ; + return 0 ; + } ; + if (pflac->ptr == NULL) { /* ** Not sure why this code is here and not elsewhere. @@@@ -210,7 +221,7 @@@@ flac_buffer_copy (SF_PRIVATE *psf) pflac->bufferbackup = SF_TRUE ; for (i = 0 ; i < frame->header.channels ; i++) { if (pflac->rbuffer [i] == NULL) - pflac->rbuffer [i] = calloc (frame->header.blocksize, sizeof (FLAC__int32)) ; + pflac->rbuffer [i] = calloc (FLAC__MAX_BLOCK_SIZE, sizeof (FLAC__int32)) ; memcpy (pflac->rbuffer [i], buffer [i], frame->header.blocksize * sizeof (FLAC__int32)) ; } ; pflac->wbuffer = (const FLAC__int32* const*) pflac->rbuffer ; @