| From 942c3e0aee748ea6fe97cb2c1aa5893225316174 Mon Sep 17 00:00:00 2001 |
| From: Fabian Greffrath <fabian@greffrath.com> |
| Date: Mon, 10 Jun 2019 13:58:40 +0200 |
| Subject: [PATCH] Fix a couple buffer overflows |
| |
| https://hackerone.com/reports/502816 |
| https://hackerone.com/reports/507858 |
| |
| https://github.com/videolan/vlc/blob/master/contrib/src/faad2/faad2-fix-overflows.patch |
| |
| Signed-off-by: Baruch Siach <baruch@tkos.co.il> |
| --- |
| Upstream status: commit 942c3e0aee748ea6 |
| |
| libfaad/bits.c | 5 ++++- |
| libfaad/syntax.c | 2 ++ |
| 2 files changed, 6 insertions(+), 1 deletion(-) |
| |
| diff --git a/libfaad/bits.c b/libfaad/bits.c |
| index dc14d7a03952..4c0de24a5d9c 100644 |
| --- a/libfaad/bits.c |
| +++ b/libfaad/bits.c |
| @@ -167,7 +167,10 @@ void faad_resetbits(bitfile *ld, int bits) |
| int words = bits >> 5; |
| int remainder = bits & 0x1F; |
| |
| - ld->bytes_left = ld->buffer_size - words*4; |
| + if (ld->buffer_size < words * 4) |
| + ld->bytes_left = 0; |
| + else |
| + ld->bytes_left = ld->buffer_size - words*4; |
| |
| if (ld->bytes_left >= 4) |
| { |
| diff --git a/libfaad/syntax.c b/libfaad/syntax.c |
| index e7fb11381e46..c9925435dbd0 100644 |
| --- a/libfaad/syntax.c |
| +++ b/libfaad/syntax.c |
| @@ -2304,6 +2304,8 @@ static uint8_t excluded_channels(bitfile *ld, drc_info *drc) |
| while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld |
| DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1) |
| { |
| + if (i >= MAX_CHANNELS - num_excl_chan - 7) |
| + return n; |
| for (i = num_excl_chan; i < num_excl_chan+7; i++) |
| { |
| drc->exclude_mask[i] = faad_get1bit(ld |
| -- |
| 2.20.1 |
| |