From 6fb63b583dbd5d5221f590add86caa4a49594759 Mon Sep 17 00:00:00 2001
From: Dominik Mierzejewski
Date: Mon, 10 Nov 2008 22:34:49 +0000
Subject: [PATCH] - fix CVE-2008-4201
---
 faad2-cve-2008-4201.patch | 12 ++++++++++++
 faad2.spec | 7 ++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 faad2-cve-2008-4201.patch
diff --git a/faad2-cve-2008-4201.patch b/faad2-cve-2008-4201.patch
new file mode 100644
index 0000000..ba5409d
--- /dev/null
+++ b/faad2-cve-2008-4201.patch
@@ -0,0 +1,12 @@
+diff -up faad2/frontend/main.c.cve faad2/frontend/main.c
+--- faad2/frontend/main.c.cve 2007-11-01 13:33:29.000000000 +0100
++++ faad2/frontend/main.c 2008-11-10 22:43:49.000000000 +0100
+@@ -914,6 +914,8 @@ int decodeMP4file(char *mp4file, char *s
+ sample_count = frameInfo.samples;
+ } else {
+ sample_count = (unsigned int)(dur * frameInfo.channels);
++ if (sample_count > frameInfo.samples)
++ sample_count = frameInfo.samples;
+
+ if (!useAacLength && !initial && (sampleId < numSamples/2) && (sample_count != frameInfo.samples))
+ {
diff --git a/faad2.spec b/faad2.spec
index 6f4820e..e6982f5 100644
--- a/faad2.spec
+++ b/faad2.spec
@@ -12,11 +12,12 @@ Summary: Library and frontend for decoding MPEG2/4 AAC
 Name: faad2
 Epoch: 1
 Version: 2.6.1
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv2+
 Group: Applications/Multimedia
 URL: http://www.audiocoding.com/faad2.html
 Source: http://download.sourceforge.net/faac/%{name}-%{version}.tar.gz
+Patch0: %{name}-cve-2008-4201.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
 BuildRequires: gcc-c++
 BuildRequires: id3lib-devel
@@ -66,6 +67,7 @@ This package contains an input plugin for xmms.
 %prep
 %setup -q -n %{name}
+%patch0 -p1 -b .cve
 find . -name "*.c" -o -name "*.h" | xargs chmod 644
 for f in AUTHORS COPYING ChangeLog NEWS README* TODO ; do
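Review bot: The two lines added to decodeMP4file in faad2-cve-2008-4201.patch clamp `sample_count` to `frameInfo.samples` without a comment saying why, although that bound is the entire fix: `dur` is presumably taken from the MP4 container and so file-controlled, while `frameInfo.samples` is what the decoder actually produced. A comment above the check would keep a later cleanup from dropping it, e.g. `/* dur is file-supplied; never emit more samples than the decoder produced */`. The multiplication `dur * frameInfo.channels` still runs before the clamp, so if `dur` is a signed type the product can overflow before the cast; its declaration is outside this hunk, so that is worth confirming. The body of decodeMP4file starts and ends outside the hunk.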
@@ -117,6 +119,9 @@ autoreconf -vif
 %{xmmsinputplugindir}/libmp4.so
 %changelog
+* Mon Nov 10 2008 Dominik Mierzejewski 1:2.6.1-6
+- fix CVE-2008-4201
+
 * Sat Oct 18 2008 Dominik Mierzejewski 1:2.6.1-5
 - add Obsoletes: for xmms-aac to ensure smooth upgrade from Freshrpms
 - add some additional docs for xmms-faad2