2 files changed, 32 insertions, 0 deletions
diff --git a/meta-oe/recipes-multimedia/faad2/faad2/0001-Check-return-value-of-ltp_data.patch b/meta-oe/recipes-multimedia/faad2/faad2/0001-Check-return-value-of-ltp_data.patch
new file mode 100644
index 0000000000..3cd72baf79
--- /dev/null
+++ b/meta-oe/recipes-multimedia/faad2/faad2/0001-Check-return-value-of-ltp_data.patch
@@ -0,0 +1,31 @@
+From 4f8a793807d57d6a28aac3ab73ba0992efd5d828 Mon Sep 17 00:00:00 2001
+From: Andrew Wesie <awesie@gmail.com>
+Date: Mon, 5 Oct 2020 00:33:44 -0500
+Subject: [PATCH] Check return value of ltp_data.
+Fixes #62.
+CVE: CVE-2021-32278
+Upstream-Status: Backport [https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ libfaad/syntax.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+diff --git a/libfaad/syntax.c b/libfaad/syntax.c
+index 462ba9e..4e57efd 100644
+--- a/libfaad/syntax.c
+++ b/libfaad/syntax.c
+@@ -872,7 +872,10 @@ static uint8_t ics_info(NeAACDecStruct *hDecoder, ic_stream *ics, bitfile *ld,
+                     if ((ics->ltp.data_present = faad_get1bit(ld
+                         DEBUGVAR(1,50,"ics_info(): ltp.data_present"))) & 1)
+                     {
+-                        ltp_data(hDecoder, ics, &(ics->ltp), ld);
+                        if ((retval = ltp_data(hDecoder, ics, &(ics->ltp), ld)) > 0)
+                        {
+                            return retval;
+                        }
+                     }
+                 }
+ #endif
diff --git a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
index 731600205a..f354c99d33 100644
--- a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
+++ b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
@@ -11,6 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
           file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
           file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \
           file://0001-Restrict-SBR-frame-length-to-960-and-1024-samples.patch \
+           file://0001-Check-return-value-of-ltp_data.patch \
           "
 SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
 SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"

diff --git a/meta-oe/recipes-multimedia/faad2/faad2/0001-Check-return-value-of-ltp_data.patch b/meta-oe/recipes-multimedia/faad2/faad2/0001-Check-return-value-of-ltp_data.patch new file mode 100644 index 0000000000..3cd72baf79 --- /dev/null +++ b/meta-oe/recipes-multimedia/faad2/faad2/0001-Check-return-value-of-ltp_data.patch
@@ -0,0 +1,31 @@
		1	From 4f8a793807d57d6a28aac3ab73ba0992efd5d828 Mon Sep 17 00:00:00 2001
		2	From: Andrew Wesie <awesie@gmail.com>
		3	Date: Mon, 5 Oct 2020 00:33:44 -0500
		4	Subject: [PATCH] Check return value of ltp_data.
		5
		6	Fixes #62.
		7
		8	CVE: CVE-2021-32278
		9	Upstream-Status: Backport [https://github.com/knik0/faad2/commit/e19a5e491354e0e4664d02b796dacee28fb2521e]
		10
		11	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		12	---
		13	libfaad/syntax.c \| 5 ++++-
		14	1 file changed, 4 insertions(+), 1 deletion(-)
		15
		16	diff --git a/libfaad/syntax.c b/libfaad/syntax.c
		17	index 462ba9e..4e57efd 100644
		18	--- a/libfaad/syntax.c
		19	+++ b/libfaad/syntax.c
		20	@@ -872,7 +872,10 @@ static uint8_t ics_info(NeAACDecStruct hDecoder, ic_stream ics, bitfile *ld,
		21	if ((ics->ltp.data_present = faad_get1bit(ld
		22	DEBUGVAR(1,50,"ics_info(): ltp.data_present"))) & 1)
		23	{
		24	- ltp_data(hDecoder, ics, &(ics->ltp), ld);
		25	+ if ((retval = ltp_data(hDecoder, ics, &(ics->ltp), ld)) > 0)
		26	+ {
		27	+ return retval;
		28	+ }
		29	}
		30	}
		31	#endif


diff --git a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb index 731600205a..f354c99d33 100644 --- a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb +++ b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
@@ -11,6 +11,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
11	file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \	11	file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
12	file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \	12	file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \
13	file://0001-Restrict-SBR-frame-length-to-960-and-1024-samples.patch \	13	file://0001-Restrict-SBR-frame-length-to-960-and-1024-samples.patch \
		14	file://0001-Check-return-value-of-ltp_data.patch \
14	"	15	"
15	SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"	16	SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
16	SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"	17	SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"