From e06fe48896aee83cc8a5cb581b6e1c0c3ddcf563 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari
Date: Thu, 16 Oct 2025 11:29:15 +0200
Subject: faad2: patch CVE-2021-32273
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32273
Pick the patch that resolved the issue linked in the nvd report.
Signed-off-by: Gyorgy Sarvari
---
 ...ix-stack-buffer-overflow-in-stringin-ftyp.patch | 28 ++++++++++++++++++++++
 meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb | 1 +
 2 files changed, 29 insertions(+)
 create mode 100644 meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch
diff --git a/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch b/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch
new file mode 100644
index 0000000000..3925cde545
--- /dev/null
+++ b/meta-oe/recipes-multimedia/faad2/faad2/0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch
@@ -0,0 +1,28 @@
+From a58cf881b820bfb4544995192fe5992ae010f1d7 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath
+Date: Mon, 17 Aug 2020 07:37:09 +0200
+Subject: [PATCH] mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
+
+Terminate the string read into the stack buffer,
+fixes #56.
+
+CVE: CVE-2021-32273
+Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f]
+
+Signed-off-by: Gyorgy Sarvari
+---
+ frontend/mp4read.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/frontend/mp4read.c b/frontend/mp4read.c
+index 5dc36b7..a978e62 100644
+--- a/frontend/mp4read.c
++++ b/frontend/mp4read.c
+@@ -91,6 +91,7 @@ static int stringin(char *txt, int sizemax)
+ if (!txt[size])
+ break;
+ }
++ txt[sizemax-1] = '\0';
+
+ return size;
+ }
diff --git a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
index d70c18f43d..6ac09c19ce 100644
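Review bot: The backported line `txt[sizemax-1] = '\0';` is an unconditional write that relies on every caller passing `sizemax >= 1` and a buffer of at least `sizemax` bytes; with `sizemax == 0` it would write one byte before the buffer, so the precondition is worth making explicit as `if (sizemax > 0) txt[sizemax-1] = '\0';` or an assert. The function still returns `size`, which presumably can equal `sizemax` when no terminator was found in the loop, so a caller in ftypin() that treats the return value as the string length would be one past the now-terminated content — worth confirming at the call sites, which, like the loop head of stringin(), lie outside the hunk. The hunk shown here also lost its leading indentation in transit, so a `git am` of this file may need whitespace fixing before the patch applies. For provenance, the From: line names commit a58cf881b820bfb4544995192fe5992ae010f1d7 while Upstream-Status points at 1073aeef823cafd844704389e9a497c257768e2f; if the patch was formatted from a different branch or fork than the referenced upstream commit, a note in the header would let a later auditor verify it without re-deriving it.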
--- a/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
+++ b/meta-oe/recipes-multimedia/faad2/faad2_2.8.8.bb
@@ -9,6 +9,7 @@ LICENSE_FLAGS = "commercial"
 SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
 file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
+ file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \
 "
 SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
 SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"
--
cgit v1.2.3-54-g00ecf