From f3a0cc6e099c0b483cef3810baed0e67157fa145 Mon Sep 17 00:00:00 2001
From: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>
Date: Wed, 13 Nov 2019 23:24:54 +0000
Subject: Fix CVE-2017-8372, CVE-2017-8373 and CVE-2017-8374

- Bump PORTREVISION for package change

Differential Revision:	https://reviews.freebsd.org/D22300
Submitted by:	Daniel Engberg <daniel.engberg.lists@pyret.net>
Obtained from:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
Security:	b48e7b14-052a-11ea-a1de-53b029d2b061
MFH:		2019Q4
---
 audio/libmad/files/patch-layer3.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 audio/libmad/files/patch-layer3.c

(limited to 'audio/libmad/files/patch-layer3.c')

diff --git a/audio/libmad/files/patch-layer3.c b/audio/libmad/files/patch-layer3.c
new file mode 100644
index 000000000000..5f7455f5382b
--- /dev/null
+++ b/audio/libmad/files/patch-layer3.c
@@ -0,0 +1,17 @@
+Obtained from:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508133#15
+
+--- layer3.c.orig	2004-01-23 09:41:32 UTC
++++ layer3.c
+@@ -2608,6 +2608,12 @@ int mad_layer_III(struct mad_stream *str
+     next_md_begin = 0;
+ 
+   md_len = si.main_data_begin + frame_space - next_md_begin;
++  if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN)
++  {
++	stream->error = MAD_ERROR_LOSTSYNC;
++	stream->sync = 0;
++	return -1;
++  }
+ 
+   frame_used = 0;
+ 
-- 
cgit v1.2.3