--- /dev/null
+Don't overrun output buffer in utf8_ascii() if source string contains embedded NUL
+--- mpg123-1.12.4/src/metaprint.c.orig 2010-08-22 14:09:17.000000000 +0200
++++ mpg123-1.12.4/src/metaprint.c 2010-10-03 09:39:15.851740205 +0200
+@@ -335,7 +335,7 @@
+ if(!mpg123_resize_string(dest, dlen+1)){ mpg123_free_string(dest); return; }
+ /* Just ASCII, we take it easy. */
+ p = dest->p;
+- for(spos=0; spos < source->fill; ++spos)
++ for(spos=0; (spos < source->fill) && (source->p[spos] != 0); ++spos)
+ {
+ /* UTF-8 continuation byte 0x10?????? */
+ if((source->p[spos] & 0xc0) == 0x80) continue;
Summary(uk.UTF-8): Програвач MPEG аудіофайлів
Name: mpg123
Version: 1.12.4
-Release: 1
+Release: 2
# some old parts are GPLed, but they are not included in package
License: LGPL v2.1
Group: Applications/Sound
# Source0-md5: 256ab49b228b334d18377e8485840391
Patch0: %{name}-am.patch
Patch1: %{name}-no-la.patch
+Patch2: %{name}-nul-overrun.patch
URL: http://www.mpg123.de/
%{?with_openal:BuildRequires: OpenAL-devel}
%{?with_sdl:BuildRequires: SDL-devel >= 1.2.11}
%setup -q
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
%{__libtoolize}
%{__automake}
# select "0" optimization, which doesn't add any -O to CFLAGS
%configure \
- --disable-ltdl-install \
--enable-modules \
--enable-static \
--with-audio=%{?with_alsa:alsa,}oss%{?with_esd:,esd}%{?with_jack:,jack}%{?with_portaudio:,portaudio}%{?with_pulseaudio:,pulse}%{?with_sdl:,sdl}%{?with_nas:,nas}%{?with_arts:,arts}%{?with_openal:,openal} \
projects / packages / mpg123.git / commitdiff