src/patches/mpg123-0.59r-security-1.patch

   1 Submitted By: David Jensen (djensen at linuxfromscratch dot org)
   2 Date: 2005-07-23
   3 Initial Package Version: 0.59r
   4 Origin: Debian
   5 Upstream Status: not maintained
   6 Description: Fixes buffer overflow vulnerablity (CAN-2004-0805)
   7
   8 $LastChangedBy: djensen $
   9 $Date: 2005-07-26 21:17:28 -0600 (Tue, 26 Jul 2005) $
  10
  11 diff -Naur mpg123-0.59r.orig/layer2.c mpg123-0.59r/layer2.c
  12 --- mpg123-0.59r.orig/layer2.c  1999-02-10 06:13:06.000000000 -0600
  13 +++ mpg123-0.59r/layer2.c       2005-07-23 16:44:07.000000000 -0500
  14 @@ -265,6 +265,11 @@
  15    fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
  16       (fr->mode_ext<<2)+4 : fr->II_sblimit;
  17
  18 +  if (fr->jsbound > fr->II_sblimit) {
  19 +         fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
  20 +         fr->jsbound=fr->II_sblimit;
  21 +  }
  22 +
  23    if(stereo == 1 || single == 3)
  24      single = 0;
  25