2 files changed, 29 insertions, 0 deletions
diff --git a/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch b/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch
new file mode 100644
index 0000000000..3925cde545
--- /dev/null
+++ b/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch
@@ -0,0 +1,28 @@
+From a58cf881b820bfb4544995192fe5992ae010f1d7 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Mon, 17 Aug 2020 07:37:09 +0200
+Subject: [PATCH] mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
+Terminate the string read into the stack buffer,
+fixes #56.
+CVE: CVE-2021-32273
+Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f]
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ frontend/mp4read.c | 1 +
+ 1 file changed, 1 insertion(+)
+diff --git a/frontend/mp4read.c b/frontend/mp4read.c
+index 5dc36b7..a978e62 100644
+--- a/frontend/mp4read.c
+++ b/frontend/mp4read.c
+@@ -91,6 +91,7 @@ static int stringin(char *txt, int sizemax)
+         if (!txt[size])
+             break;
+     }
+    txt[sizemax-1] = '\0';
+ 
+     return size;
+ }
diff --git a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
index d70c18f43d..6ac09c19ce 100644
--- a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
+++ b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
@@ -9,6 +9,7 @@ LICENSE_FLAGS = "commercial"
 SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
           file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
+           file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \
           "
 SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
 SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"

diff --git a/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch b/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch new file mode 100644 index 0000000000..3925cde545 --- /dev/null +++ b/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch
@@ -0,0 +1,28 @@
		1	From a58cf881b820bfb4544995192fe5992ae010f1d7 Mon Sep 17 00:00:00 2001
		2	From: Fabian Greffrath <fabian@greffrath.com>
		3	Date: Mon, 17 Aug 2020 07:37:09 +0200
		4	Subject: [PATCH] mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
		5
		6	Terminate the string read into the stack buffer,
		7	fixes #56.
		8
		9	CVE: CVE-2021-32273
		10	Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f]
		11
		12	Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
		13	---
		14	frontend/mp4read.c \| 1 +
		15	1 file changed, 1 insertion(+)
		16
		17	diff --git a/frontend/mp4read.c b/frontend/mp4read.c
		18	index 5dc36b7..a978e62 100644
		19	--- a/frontend/mp4read.c
		20	+++ b/frontend/mp4read.c
		21	@@ -91,6 +91,7 @@ static int stringin(char *txt, int sizemax)
		22	if (!txt[size])
		23	break;
		24	}
		25	+ txt[sizemax-1] = '\0';
		26
		27	return size;
		28	}


diff --git a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb index d70c18f43d..6ac09c19ce 100644 --- a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb +++ b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
@@ -9,6 +9,7 @@ LICENSE_FLAGS = "commercial"
9		9
10	SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \	10	SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
11	file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \	11	file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
		12	file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \
12	"	13	"
13	SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"	14	SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
14	SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"	15	SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"