git: 07dafd63cef5 - 2021Q2 - audio/flac: Fix out-of-bounds read
Christian Weisgerber
naddy at FreeBSD.org
Sat May 8 17:01:33 UTC 2021
The branch 2021Q2 has been updated by naddy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=07dafd63cef5ed996f28d98ed9c8b5605b4a3997
commit 07dafd63cef5ed996f28d98ed9c8b5605b4a3997
Author: Christian Weisgerber <naddy at FreeBSD.org>
AuthorDate: 2021-05-08 16:56:07 +0000
Commit: Christian Weisgerber <naddy at FreeBSD.org>
CommitDate: 2021-05-08 17:01:09 +0000
audio/flac: Fix out-of-bounds read
Obtained from: https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
Security: 49346de2-b015-11eb-9bdf-f8b156b6dcc8
Security: CVE-2020-0499
(cherry picked from commit 3984e6561a7ee7383c502456ae27ce48ee28a028)
---
audio/flac/Makefile | 1 +
audio/flac/files/patch-src_libFLAC_bitreader.c | 13 +++++++++++++
2 files changed, 14 insertions(+)
diff --git a/audio/flac/Makefile b/audio/flac/Makefile
index b3b04c9c9645..7ff50f5804a5 100644
--- a/audio/flac/Makefile
+++ b/audio/flac/Makefile
@@ -2,6 +2,7 @@
PORTNAME= flac
PORTVERSION= 1.3.3
+PORTREVISION= 1
CATEGORIES= audio
MASTER_SITES= https://downloads.xiph.org/releases/flac/
diff --git a/audio/flac/files/patch-src_libFLAC_bitreader.c b/audio/flac/files/patch-src_libFLAC_bitreader.c
new file mode 100644
index 000000000000..463343e0d428
--- /dev/null
+++ b/audio/flac/files/patch-src_libFLAC_bitreader.c
@@ -0,0 +1,13 @@
+https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
+
+--- src/libFLAC/bitreader.c.orig 2021-05-08 16:06:17 UTC
++++ src/libFLAC/bitreader.c
+@@ -864,7 +864,7 @@ incomplete_lsbs:
+ cwords = br->consumed_words;
+ words = br->words;
+ ucbits = FLAC__BITS_PER_WORD - br->consumed_bits;
+- b = br->buffer[cwords] << br->consumed_bits;
++ b = cwords < br->capacity ? br->buffer[cwords] << br->consumed_bits : 0;
+ } while(cwords >= words && val < end);
+ }
+
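Review bot: the new guard on the changed line of the bitreader.c hunk compares cwords with br->capacity, while the loop condition on the following line compares it with words (set from br->words just above), and nothing in the patch says why the two limits differ. Assuming capacity is the allocated size of br->buffer in words, the check does stop the load from indexing past the allocation, but for any cwords at or above br->words and below br->capacity it still loads whatever the buffer holds there. A short comment stating which bound is intended would make that explicit. The patch header, which currently carries only the upstream URL, could also name the CVE id from the commit message (CVE-2020-0499) so the file under files/ is self-describing.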