[SCM] faad2 packaging branch, master, updated. debian/2.7-4-7-gd562c29

fabian-guest at users.alioth.debian.org fabian-guest at users.alioth.debian.org
Tue Aug 17 07:17:51 UTC 2010 

The following commit has been merged in the master branch:
commit d562c2965f9e467a6d04c9b96ad26c5cd28fc996
Author: Fabian Greffrath <fabian at greffrath.com>
Date:   Tue Aug 17 09:19:40 2010 +0200

    ...and fix potential buffer overruns for even longer pathnames.

diff --git a/debian/patches/path_max.patch b/debian/patches/path_max.patch
index c606354..e5eba26 100644
--- a/debian/patches/path_max.patch
+++ b/debian/patches/path_max.patch
@@ -1,18 +1,23 @@
-Description: Extend file name buffers for longer path names.
+Description: Extend file name buffers for longer path names
+ and fix potential buffer overruns for even longer pathnames.
 Author: Fabian Greffrath <fabian+debian at greffrath.com>
 Forwarded: menno at audiocoding.com
 
 --- faad2.orig/frontend/main.c
 +++ faad2/frontend/main.c
-@@ -42,6 +42,7 @@
+@@ -42,6 +42,11 @@
  #include <stdlib.h>
  #include <string.h>
  #include <getopt.h>
 +#include <limits.h>
++
++#ifndef PATH_MAX
++#define PATH_MAX 254
++#endif
  
  #include <neaacdec.h>
  #include <mp4ff.h>
-@@ -1107,9 +1108,9 @@ int main(int argc, char *argv[])
+@@ -1107,9 +1112,9 @@ int main(int argc, char *argv[])
      int mp4file = 0;
      int noGapless = 0;
      char *fnp;
@@ -25,3 +30,46 @@ Forwarded: menno at audiocoding.com
      unsigned char header[8];
      float length = 0;
      FILE *hMP4File;
+@@ -1157,14 +1162,14 @@ int main(int argc, char *argv[])
+             if (optarg)
+             {
+                 outfile_set = 1;
+-                strcpy(audioFileName, optarg);
++                strncpy(audioFileName, optarg, PATH_MAX);
+             }
+             break;
+         case 'a':
+             if (optarg)
+             {
+                 adts_out = 1;
+-                strcpy(adtsFileName, optarg);
++                strncpy(adtsFileName, optarg, PATH_MAX);
+             }
+             break;
+         case 's':
+@@ -1284,7 +1289,7 @@ int main(int argc, char *argv[])
+ #endif
+ 
+     /* point to the specified file name */
+-    strcpy(aacFileName, argv[optind]);
++    strncpy(aacFileName, argv[optind], PATH_MAX);
+ 
+ #ifdef _WIN32
+     begin = GetTickCount();
+@@ -1297,14 +1302,14 @@ int main(int argc, char *argv[])
+      */
+     if(!writeToStdio && !outfile_set)
+     {
+-        strcpy(audioFileName, aacFileName);
++        strncpy(audioFileName, aacFileName, PATH_MAX);
+ 
+         fnp = (char *)strrchr(audioFileName,'.');
+ 
+         if (fnp)
+             fnp[0] = '\0';
+ 
+-        strcat(audioFileName, file_ext[format]);
++        strncat(audioFileName, file_ext[format], PATH_MAX - sizeof(file_ext[format]));
+     }
+ 
+     /* check for mp4 file */

-- 
faad2 packaging

More information about the pkg-multimedia-commits mailing list