From 6e1f3704c257f236c83c29def8b4d103320c1efc Mon Sep 17 00:00:00 2001
From: Nicolas Chauvet <kwizart@gmail.com>
Date: Fri, 7 Jun 2019 09:52:52 +0200
Subject: [PATCH] Fix security issue

---
 faad2-fix-overflows.patch | 25 +++++++++++++++++++++++++
 faad2.spec                |  7 ++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 faad2-fix-overflows.patch

diff --git a/faad2-fix-overflows.patch b/faad2-fix-overflows.patch
new file mode 100644
index 0000000..5a198f8
--- /dev/null
+++ b/faad2-fix-overflows.patch
@@ -0,0 +1,25 @@
+--- faad2/libfaad/bits.c	2007-11-01 13:33:29.000000000 +0100
++++ faad2.new/libfaad/bits.c	2019-03-25 17:29:26.134199188 +0100
+@@ -167,7 +167,10 @@
+     int words = bits >> 5;
+     int remainder = bits & 0x1F;
+ 
+-    ld->bytes_left = ld->buffer_size - words*4;
++    if (ld->buffer_size < words * 4)
++        ld->bytes_left = 0;
++    else
++        ld->bytes_left = ld->buffer_size - words*4;
+ 
+     if (ld->bytes_left >= 4)
+     {
+--- faad2/libfaad/syntax.c	2019-03-25 17:57:36.930937066 +0100
++++ faad2.new/libfaad/syntax.c	2019-03-25 17:49:26.135368525 +0100
+@@ -2292,6 +2292,8 @@
+     while ((drc->additional_excluded_chns[n-1] = faad_get1bit(ld
+         DEBUGVAR(1,104,"excluded_channels(): additional_excluded_chns"))) == 1)
+     {
++        if (i >= MAX_CHANNELS - num_excl_chan - 7)
++            return n;
+         for (i = num_excl_chan; i < num_excl_chan+7; i++)
+         {
+             drc->exclude_mask[i] = faad_get1bit(ld
diff --git a/faad2.spec b/faad2.spec
index fd691c4..4eeda01 100644
--- a/faad2.spec
+++ b/faad2.spec
@@ -4,13 +4,15 @@ Summary:	Library and frontend for decoding MPEG2/4 AAC
 Name:		faad2
 Epoch:		1
 Version:	2.8.8
-Release:	5%{?dist}
+Release:	6%{?dist}
 License:	GPLv2+
 URL:		http://www.audiocoding.com/faad2.html
 Source:		http://downloads.sourceforge.net/sourceforge/faac/%{name}-%{version}.tar.gz
 # fix non-PIC objects in libmp4ff.a
 Patch0:		%{name}-pic.patch
 Patch1:		fix_undefined_version.patch
+# Security issue from videolan contribs
+Patch2:         faad2-fix-overflows.patch
 
 BuildRequires:	gcc-c++
 BuildRequires:	id3lib-devel
@@ -98,6 +100,9 @@ find $RPM_BUILD_ROOT -name '*.la' -or -name '*.a' | xargs rm -f
 %{xmmsinputplugindir}/libmp4.so
 
 %changelog
+* Fri Jun 07 2019 Nicolas Chauvet <kwizart@gmail.com> - 1:2.8.8-6
+- Fix overflows
+
 * Mon Mar 04 2019 RPM Fusion Release Engineering <leigh123linux@gmail.com> - 1:2.8.8-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild