Fix CVE-2017-8372, CVE-2017-8373 and CVE-2017-8374

- Bump PORTREVISION for package change Differential Revision: https://reviews.freebsd.org/D22300 Submitted by: Daniel Engberg <daniel.engberg.lists@pyret.net> Obtained from: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15 Security: b48e7b14-052a-11ea-a1de-53b029d2b061 MFH: 2019Q4
author: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> 2019-11-13 23:24:54 +0000
committer: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> 2019-11-13 23:24:54 +0000
commit: f3a0cc6e099c0b483cef3810baed0e67157fa145 (patch)
tree: eca942e10fa4a2a28d8bd45085b02bbc9b2663b1 /audio/libmad/files/patch-layer3.c
parent: Update to 1.4.4 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/audio/libmad/files/patch-layer3.c b/audio/libmad/files/patch-layer3.c
new file mode 100644
index 000000000000..5f7455f5382b
--- /dev/null
+++ b/audio/libmad/files/patch-layer3.c
@@ -0,0 +1,17 @@
+Obtained from:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
+
+--- layer3.c.orig	2004-01-23 09:41:32 UTC
++++ layer3.c
+@@ -2608,6 +2608,12 @@ int mad_layer_III(struct mad_stream *str
+     next_md_begin = 0;
+ 
+   md_len = si.main_data_begin + frame_space - next_md_begin;
++  if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN)
++  {
++	stream->error = MAD_ERROR_LOSTSYNC;
++	stream->sync = 0;
++	return -1;
++  }
+ 
+   frame_used = 0;
+
author	Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>	2019-11-13 23:24:54 +0000
committer	Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>	2019-11-13 23:24:54 +0000
commit	f3a0cc6e099c0b483cef3810baed0e67157fa145 (patch)
tree	eca942e10fa4a2a28d8bd45085b02bbc9b2663b1 /audio/libmad/files/patch-layer3.c
parent	Update to 1.4.4 (diff)