head 1.2; access; symbols; locks; strict; comment @# @; 1.2 date 2013.12.05.07.51.57; author wiz; state dead; branches; next 1.1; commitid nnJ9mPpRAO1OTUfx; 1.1 date 2013.10.01.14.50.38; author drochner; state Exp; branches; next ; commitid ZgdstKVtczeIiB7x; desc @@ 1.2 log @Remove patch after update (hi drochner) @ text @$NetBSD: patch-CVE-2013-4388,v 1.1 2013/10/01 14:50:38 drochner Exp $ upstream commit 9794ec1cd268c04c8bca13a5fae15df6594dff3e --- modules/packetizer/mpeg4audio.c.orig 2012-04-27 17:14:57.000000000 +0000 +++ modules/packetizer/mpeg4audio.c @@@@ -892,8 +892,11 @@@@ static int LOASParse( decoder_t *p_dec, continue; /* FIXME that's slow (and a bit ugly to write in place) */ - for( i = 0; i < pi_payload[i_program][i_layer]; i++ ) + for( i = 0; i < pi_payload[i_program][i_layer]; i++ ) { + if (i_accumulated >= i_buffer) + return 0; p_buffer[i_accumulated++] = bs_read( &s, 8 ); + } } } } @ 1.1 log @add patch from upstream to fix buffer overflow in the mp4a packetizer (CVE-2013-4388) bump PKGREV @ text @d1 1 a1 1 $NetBSD$ @
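Review bot: The added `if (i_accumulated >= i_buffer) return 0;` inside the `for` loop in LOASParse bails out silently after earlier iterations may already have written bytes into `p_buffer` in place, and the hunk does not show what a 0 return means to the caller. I would log a warning at that point and add a short comment saying that the payload length in `pi_payload[i_program][i_layer]` comes from the stream and can exceed the room left in the buffer. The test also runs once per byte on a path the existing FIXME already calls slow; comparing `pi_payload[i_program][i_layer]` against the remaining room (`i_buffer - i_accumulated`) once before the loop would reject an oversized payload up front and leave the copy loop unchanged. Minor style point: the new `if (` spacing does not match the `for( ... )` convention on the surrounding lines.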