Package: faad2 / 2.8.8-3

Metadata

Package: faad2
Version: 2.8.8-3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
reproducible build.patch

frontend/main.c | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

 remove timestamps from cpp macros
 The C pre-processor macros '__DATE__' and '__TIME__' capture the current time
 and thus will obviously make a build unreproducible. Usage of these macros
 must simply be removed in order to make builds reproducible.
0009 syntax.c check for syntax element inconsistencies.patch

libfaad/syntax.c | 12 12 + 0 - 0 !
1 file changed, 12 insertions(+)

 [patch 09/10] syntax.c: check for syntax element inconsistencies

Implicit channel mapping reconfiguration is explicitly forbidden by
ISO/IEC 13818-7:2006 (8.5.3.3). Decoders should be able to detect such
files and reject them. FAAD2 does not perform any kind of checks
regarding this.

This leads to security vulnerabilities when processing crafted AAC
files performing such reconfigurations.

Add checks to decode_sce_lfe and decode_cpe to make sure such
inconsistencies are detected as early as possible.

These checks first read hDecoder->frame: if this is not the first
frame then we make sure that the syntax element at the same position
in the previous frame also had element_id id_syn_ele. If not, return
21 as this is a fatal file structure issue.

This patch addresses CVE-2018-20362 (fixes #26) and possibly other
related issues.

0010 sbr_hfadj sanitize frequency band borders.patch

libfaad/sbr_hfadj.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 [patch 10/10] sbr_hfadj: sanitize frequency band borders

User-passed f_table_lim contains frequency band borders. Frequency
bands are groups of consecutive QMF channels. This means that their
bounds, as provided by f_table_lim, should never exceed MAX_M (maximum
number of QMF channels). cf. ISO/IEC 14496-3:2001.

FAAD2 does not verify this, leading to security issues when
processing files defining f_table_lim with values > MAX_M.

This patch sanitizes the values of f_table_lim so that they can be safely
used as index for Q_M_lim and G_lim arrays.

Fixes #21 (CVE-2018-20194).

0004 Fix a couple buffer overflows.patch

libfaad/bits.c | 5 4 + 1 - 0 !
libfaad/syntax.c | 2 2 + 0 - 0 !
2 files changed, 6 insertions(+), 1 deletion(-)

 fix a couple buffer overflows

https://hackerone.com/reports/502816
https://hackerone.com/reports/507858