faad2: patch CVE-2021-32273

Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32273 Pick the patch that resolved the issue linked in the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-14 05:49:57 +00:00 · 2025-10-16 11:29:15 +02:00
parent a84d373085
commit e06fe48896
2 changed files with 29 additions and 0 deletions
@@ -0,0 +1,28 @@
+From a58cf881b820bfb4544995192fe5992ae010f1d7 Mon Sep 17 00:00:00 2001
+From: Fabian Greffrath <fabian@greffrath.com>
+Date: Mon, 17 Aug 2020 07:37:09 +0200
+Subject: [PATCH] mp4read.c: fix stack-buffer-overflow in stringin()/ftypin()
+
+Terminate the string read into the stack buffer,
+fixes #56.
+
+CVE: CVE-2021-32273
+Upstream-Status: Backport [https://github.com/knik0/faad2/commit/1073aeef823cafd844704389e9a497c257768e2f]
+
+Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
+---
+ frontend/mp4read.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/frontend/mp4read.c b/frontend/mp4read.c
+index 5dc36b7..a978e62 100644
+--- a/frontend/mp4read.c
+++ b/frontend/mp4read.c
+@@ -91,6 +91,7 @@ static int stringin(char *txt, int sizemax)
+         if (!txt[size])
+             break;
+     }
+    txt[sizemax-1] = '\0';
+ 
+     return size;
+ }
@@ -9,6 +9,7 @@ LICENSE_FLAGS = "commercial"

 SRC_URI = "${SOURCEFORGE_MIRROR}/faac/faad2-src/faad2-2.8.0/${BP}.tar.gz \
           file://0001-fix-heap-buffer-overflow-in-mp4read.c.patch \
+           file://0001-mp4read.c-fix-stack-buffer-overflow-in-stringin-ftyp.patch \
           "
 SRC_URI[md5sum] = "28f6116efdbe9378269f8a6221767d1f"
 SRC_URI[sha256sum] = "985c3fadb9789d2815e50f4ff714511c79c2710ac27a4aaaf5c0c2662141426d"