Fix integer overflows (CVE-2007-4619) by backporting corresponding

fixes from FLAC 1.2.1.

Reviewed by:    miwi
Approved by:    portmgr (linimon)
Security: 	ff65eecb-91e4-11dc-bd6c-0016179b2dd5

audio/flac/Makefile

@@ -7,10 +7,13 @@
 
 PORTNAME=	flac
 PORTVERSION=	1.1.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	audio
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
-MASTER_SITE_SUBDIR=	${PORTNAME}
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:S/$/:sf/} \
+		${MASTER_SITE_LOCAL:S/$/:local/}
+MASTER_SITE_SUBDIR=	${PORTNAME}/:sf naddy/:local
+DISTFILES=	${EXTRACT_ONLY}:sf flac-alloc.h:local
+EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	naddy@FreeBSD.org
 COMMENT=	Free lossless audio codec
@@ -42,6 +45,9 @@ MAN1=		flac.1 metaflac.1
 BUILD_DEPENDS=	nasm:${PORTSDIR}/devel/nasm
 .endif
 
+post-extract:
+	@${CP} ${DISTDIR}/flac-alloc.h ${WRKSRC}/include/share/alloc.h
+
 # "obj" is magic to our make(1)
 post-configure:
 	@${RM} -rf ${WRKSRC}/obj

audio/flac/distinfo

@@ -1,3 +1,6 @@
 MD5 (flac-1.1.2.tar.gz) = 2bfc127cdda02834d0491ab531a20960
 SHA256 (flac-1.1.2.tar.gz) = ce4f7d11b3c04a7368c916ca4abc284dd0c0256f461dfb7f07df1ab445e7a5c0
 SIZE (flac-1.1.2.tar.gz) = 1516235
+MD5 (flac-alloc.h) = 08891390039e2aee9bd4335f784467db
+SHA256 (flac-alloc.h) = da40afc663e5b3fe6dccd1a0f1c218b7ec02d3699d72b41d6978696896d7df98
+SIZE (flac-alloc.h) = 5697

audio/flac/files/patch-src_libFLAC++_metadata.cpp

@@ -0,0 +1,66 @@
+
+$FreeBSD$
+
+--- src/libFLAC++/metadata.cpp.orig
++++ src/libFLAC++/metadata.cpp
+@@ -33,6 +33,7 @@
+ #include "FLAC/assert.h"
+ #include <stdlib.h> // for malloc(), free()
+ #include <string.h> // for memcpy() etc.
++#include "share/alloc.h"
+ 
+ #ifdef _MSC_VER
+ // warning C4800: 'int' : forcing to bool 'true' or 'false' (performance warning)
+@@ -568,7 +569,7 @@
+ 
+ 			clear_entry();
+ 
+-			if(0 == (entry_.entry = (FLAC__byte*)malloc(field_length+1))) {
++			if(0 == (entry_.entry = (FLAC__byte*)safe_malloc_add_2op_(field_length, /*+*/1))) {
+ 				is_valid_ = false;
+ 			}
+ 			else {
+@@ -617,7 +618,7 @@
+ 
+ 			clear_field_value();
+ 
+-			if(0 == (field_value_ = (char *)malloc(field_value_length+1))) {
++			if(0 == (field_value_ = (char *)safe_malloc_add_2op_(field_value_length, /*+*/1))) {
+ 				is_valid_ = false;
+ 			}
+ 			else {
+@@ -707,7 +708,7 @@
+ 		{
+ 			clear_entry();
+ 
+-			if(0 == (entry_.entry = (FLAC__byte*)malloc(field_name_length_ + 1 + field_value_length_ + 1))) {
++			if(0 == (entry_.entry = (FLAC__byte*)safe_malloc_add_4op_(field_name_length_, /*+*/1, /*+*/field_value_length_, /*+*/1))) {
+ 				is_valid_ = false;
+ 			}
+ 			else {
+@@ -733,7 +734,7 @@
+ 				p = (const char *)entry_.entry + entry_.length;
+ 
+ 			field_name_length_ = p - (const char *)entry_.entry;
+-			if(0 == (field_name_ = (char *)malloc(field_name_length_ + 1))) { // +1 for the trailing \0
++			if(0 == (field_name_ = (char *)safe_malloc_add_2op_(field_name_length_, /*+*/1))) { // +1 for the trailing \0
+ 				is_valid_ = false;
+ 				return;
+ 			}
+@@ -742,14 +743,14 @@
+ 
+ 			if(entry_.length - field_name_length_ == 0) {
+ 				field_value_length_ = 0;
+-				if(0 == (field_value_ = (char *)malloc(0))) {
++				if(0 == (field_value_ = (char *)safe_malloc_(0))) {
+ 					is_valid_ = false;
+ 					return;
+ 				}
+ 			}
+ 			else {
+ 				field_value_length_ = entry_.length - field_name_length_ - 1;
+-				if(0 == (field_value_ = (char *)malloc(field_value_length_ + 1))) { // +1 for the trailing \0
++				if(0 == (field_value_ = (char *)safe_malloc_add_2op_(field_value_length_, /*+*/1))) { // +1 for the trailing \0
+ 					is_valid_ = false;
+ 					return;
+ 				}

audio/flac/files/patch-src_libFLAC_bitbuffer.c

@@ -0,0 +1,31 @@
+
+$FreeBSD$
+
+--- src/libFLAC/bitbuffer.c.orig
++++ src/libFLAC/bitbuffer.c
+@@ -35,6 +35,7 @@
+ #include "private/bitmath.h"
+ #include "private/crc.h"
+ #include "FLAC/assert.h"
++#include "share/alloc.h"
+ 
+ /*
+  * Along the way you will see two versions of some functions, selected
+@@ -193,7 +194,7 @@
+ 	if(bb->capacity == new_capacity)
+ 		return true;
+ 
+-	new_buffer = (FLAC__blurb*)calloc(new_capacity, sizeof(FLAC__blurb));
++	new_buffer = (FLAC__blurb*)safe_calloc_(new_capacity, sizeof(FLAC__blurb));
+ 	if(new_buffer == 0)
+ 		return false;
+ 	memcpy(new_buffer, bb->buffer, sizeof(FLAC__blurb)*min(bb->blurbs+(bb->bits?1:0), new_capacity));
+@@ -425,7 +426,7 @@
+ {
+ 	if(bb->buffer == 0) {
+ 		bb->capacity = FLAC__BITBUFFER_DEFAULT_CAPACITY;
+-		bb->buffer = (FLAC__blurb*)calloc(bb->capacity, sizeof(FLAC__blurb));
++		bb->buffer = (FLAC__blurb*)safe_calloc_(bb->capacity, sizeof(FLAC__blurb));
+ 		if(bb->buffer == 0)
+ 			return false;
+ 	}

audio/flac/files/patch-src_libFLAC_file__decoder.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/libFLAC/file_decoder.c.orig
++++ src/libFLAC/file_decoder.c
+@@ -43,6 +43,7 @@
+ #include "FLAC/assert.h"
+ #include "protected/file_decoder.h"
+ #include "protected/seekable_stream_decoder.h"
++#include "share/alloc.h"
+ 
+ /***********************************************************************
+  *
+@@ -248,7 +249,7 @@
+ 		decoder->private_->filename = 0;
+ 	}
+ 	if(0 != strcmp(value, "-")) {
+-		if(0 == (decoder->private_->filename = (char*)malloc(strlen(value)+1))) {
++		if(0 == (decoder->private_->filename = (char*)safe_malloc_add_2op_(strlen(value), /*+*/1))) {
+ 			decoder->protected_->state = FLAC__FILE_DECODER_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}

audio/flac/files/patch-src_libFLAC_file__encoder.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/libFLAC/file_encoder.c.orig
++++ src/libFLAC/file_encoder.c
+@@ -34,6 +34,7 @@
+ #include <string.h> /* for strlen(), strcpy() */
+ #include "FLAC/assert.h"
+ #include "protected/file_encoder.h"
++#include "share/alloc.h"
+ 
+ #ifdef max
+ #undef max
+@@ -436,7 +437,7 @@
+ 		free(encoder->private_->filename);
+ 		encoder->private_->filename = 0;
+ 	}
+-	if(0 == (encoder->private_->filename = (char*)malloc(strlen(value)+1))) {
++	if(0 == (encoder->private_->filename = (char*)safe_malloc_add_2op_(strlen(value), /*+*/1))) {
+ 		encoder->protected_->state = FLAC__FILE_ENCODER_MEMORY_ALLOCATION_ERROR;
+ 		return false;
+ 	}

audio/flac/files/patch-src_libFLAC_format.c

@@ -0,0 +1,25 @@
+
+$FreeBSD$
+
+--- src/libFLAC/format.c.orig
++++ src/libFLAC/format.c
+@@ -38,6 +38,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include "share/alloc.h"
+ 
+ #ifdef min
+ #undef min
+@@ -463,9 +464,9 @@
+ 	FLAC__ASSERT(object->capacity_by_order > 0 || (0 == object->parameters && 0 == object->raw_bits));
+ 
+ 	if(object->capacity_by_order < max_partition_order) {
+-		if(0 == (object->parameters = (unsigned*)realloc(object->parameters, sizeof(unsigned)*(1 << max_partition_order))))
++		if(0 == (object->parameters = (unsigned*)safe_realloc_mul_2op_(object->parameters, sizeof(unsigned), /*times*/(1 << max_partition_order))))
+ 			return false;
+-		if(0 == (object->raw_bits = (unsigned*)realloc(object->raw_bits, sizeof(unsigned)*(1 << max_partition_order))))
++		if(0 == (object->raw_bits = (unsigned*)safe_realloc_mul_2op_(object->raw_bits, sizeof(unsigned), /*times*/(1 << max_partition_order))))
+ 			return false;
+ 		object->capacity_by_order = max_partition_order;
+ 	}

audio/flac/files/patch-src_libFLAC_include_private_md5.h

@@ -0,0 +1,14 @@
+
+$FreeBSD$
+
+--- src/libFLAC/include/private/md5.h.orig
++++ src/libFLAC/include/private/md5.h
+@@ -41,7 +41,7 @@
+ 	FLAC__uint32 bytes[2];
+ 	FLAC__uint32 in[16];
+ 	FLAC__byte *internal_buf;
+-	unsigned capacity;
++	size_t capacity;
+ };
+ 
+ FLAC_API void FLAC__MD5Init(struct FLAC__MD5Context *context);

audio/flac/files/patch-src_libFLAC_md5.c

@@ -0,0 +1,35 @@
+
+$FreeBSD$
+
+--- src/libFLAC/md5.c.orig
++++ src/libFLAC/md5.c
+@@ -31,6 +31,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include "share/alloc.h"
+ 
+ #ifndef FLaC__INLINE
+ #define FLaC__INLINE
+@@ -230,13 +231,19 @@
+ 	unsigned channel, sample, a_byte;
+ 	FLAC__int32 a_word;
+ 	FLAC__byte *buf_;
+-	const unsigned bytes_needed = channels * samples * bytes_per_sample;
++	const size_t bytes_needed = (size_t)channels * (size_t)samples * (size_t)bytes_per_sample;
++
++	/* overflow check */
++	if((size_t)channels > SIZE_MAX / (size_t)bytes_per_sample)
++		return false;
++	if((size_t)channels * (size_t)bytes_per_sample > SIZE_MAX / (size_t)samples)
++		return false;
+ 
+ 	if(ctx->capacity < bytes_needed) {
+ 		FLAC__byte *tmp = (FLAC__byte*)realloc(ctx->internal_buf, bytes_needed);
+ 		if(0 == tmp) {
+ 			free(ctx->internal_buf);
+-			if(0 == (ctx->internal_buf = (FLAC__byte*)malloc(bytes_needed)))
++			if(0 == (ctx->internal_buf = (FLAC__byte*)safe_malloc_(bytes_needed)))
+ 				return false;
+ 		}
+ 		ctx->internal_buf = tmp;

audio/flac/files/patch-src_libFLAC_memory.c

@@ -0,0 +1,76 @@
+
+$FreeBSD$
+
+--- src/libFLAC/memory.c.orig
++++ src/libFLAC/memory.c
+@@ -35,6 +35,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include "share/alloc.h"
+ 
+ void *FLAC__memory_alloc_aligned(size_t bytes, void **aligned_address)
+ {
+@@ -44,10 +45,10 @@
+ 
+ #ifdef FLAC__ALIGN_MALLOC_DATA
+ 	/* align on 32-byte (256-bit) boundary */
+-	x = malloc(bytes+31);
++	x = safe_malloc_add_2op_(bytes, /*+*/31);
+ 	*aligned_address = (void*)(((unsigned)x + 31) & -32);
+ #else
+-	x = malloc(bytes);
++	x = safe_malloc_(bytes);
+ 	*aligned_address = x;
+ #endif
+ 	return x;
+@@ -66,6 +67,9 @@
+ 	FLAC__ASSERT(0 != aligned_pointer);
+ 	FLAC__ASSERT(unaligned_pointer != aligned_pointer);
+ 
++	if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
++		return false;
++
+ 	pu = (FLAC__int32*)FLAC__memory_alloc_aligned(sizeof(FLAC__int32) * elements, &u.pv);
+ 	if(0 == pu) {
+ 		return false;
+@@ -92,6 +96,9 @@
+ 	FLAC__ASSERT(0 != aligned_pointer);
+ 	FLAC__ASSERT(unaligned_pointer != aligned_pointer);
+ 
++	if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
++		return false;
++
+ 	pu = (FLAC__uint32*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint32) * elements, &u.pv);
+ 	if(0 == pu) {
+ 		return false;
+@@ -118,6 +125,9 @@
+ 	FLAC__ASSERT(0 != aligned_pointer);
+ 	FLAC__ASSERT(unaligned_pointer != aligned_pointer);
+ 
++	if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
++		return false;
++
+ 	pu = (FLAC__uint64*)FLAC__memory_alloc_aligned(sizeof(FLAC__uint64) * elements, &u.pv);
+ 	if(0 == pu) {
+ 		return false;
+@@ -144,6 +154,9 @@
+ 	FLAC__ASSERT(0 != aligned_pointer);
+ 	FLAC__ASSERT(unaligned_pointer != aligned_pointer);
+ 
++	if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
++		return false;
++
+ 	pu = (unsigned*)FLAC__memory_alloc_aligned(sizeof(unsigned) * elements, &u.pv);
+ 	if(0 == pu) {
+ 		return false;
+@@ -171,6 +184,9 @@
+ 	FLAC__ASSERT(0 != unaligned_pointer);
+ 	FLAC__ASSERT(0 != aligned_pointer);
+ 	FLAC__ASSERT(unaligned_pointer != aligned_pointer);
++
++	if((size_t)elements > SIZE_MAX / sizeof(*pu)) /* overflow check */
++		return false;
+ 
+ 	pu = (FLAC__real*)FLAC__memory_alloc_aligned(sizeof(FLAC__real) * elements, &u.pv);
+ 	if(0 == pu) {

audio/flac/files/patch-src_libFLAC_metadata__iterators.c

@@ -0,0 +1,67 @@
+
+$FreeBSD$
+
+--- src/libFLAC/metadata_iterators.c.orig
++++ src/libFLAC/metadata_iterators.c
+@@ -48,6 +48,7 @@
+ 
+ #include "FLAC/assert.h"
+ #include "FLAC/file_decoder.h"
++#include "share/alloc.h"
+ 
+ #ifdef max
+ #undef max
+@@ -1928,7 +1929,7 @@
+ 		block->data = 0;
+ 	}
+ 	else {
+-		if(0 == (block->data = (FLAC__byte*)malloc(block_length)))
++		if(0 == (block->data = (FLAC__byte*)safe_malloc_(block_length)))
+ 			return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
+ 
+ 		if(read_cb(block->data, 1, block_length, handle) != block_length)
+@@ -1949,7 +1950,7 @@
+ 
+ 	if(block->num_points == 0)
+ 		block->points = 0;
+-	else if(0 == (block->points = (FLAC__StreamMetadata_SeekPoint*)malloc(block->num_points * sizeof(FLAC__StreamMetadata_SeekPoint))))
++	else if(0 == (block->points = (FLAC__StreamMetadata_SeekPoint*)safe_malloc_mul_2op_(block->num_points, /*times*/ sizeof(FLAC__StreamMetadata_SeekPoint))))
+ 		return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
+ 
+ 	for(i = 0; i < block->num_points; i++) {
+@@ -1982,7 +1983,7 @@
+ 		entry->entry = 0;
+ 	}
+ 	else {
+-		if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1)))
++		if(0 == (entry->entry = (FLAC__byte*)safe_malloc_add_2op_(entry->length, /*+*/1)))
+ 			return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
+ 
+ 		if(read_cb(entry->entry, 1, entry->length, handle) != entry->length)
+@@ -2145,7 +2146,7 @@
+ 		block->data = 0;
+ 	}
+ 	else {
+-		if(0 == (block->data = (FLAC__byte*)malloc(block_length)))
++		if(0 == (block->data = (FLAC__byte*)safe_malloc_(block_length)))
+ 			return FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
+ 
+ 		if(read_cb(block->data, 1, block_length, handle) != block_length)
+@@ -2812,7 +2813,7 @@
+ {
+ 	static const char *tempfile_suffix = ".metadata_edit";
+ 	if(0 == tempfile_path_prefix) {
+-		if(0 == (*tempfilename = (char*)malloc(strlen(filename) + strlen(tempfile_suffix) + 1))) {
++		if(0 == (*tempfilename = (char*)safe_malloc_add_3op_(strlen(filename), /*+*/strlen(tempfile_suffix), /*+*/1))) {
+ 			*status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}
+@@ -2826,7 +2827,7 @@
+ 		else
+ 			p++;
+ 
+-		if(0 == (*tempfilename = (char*)malloc(strlen(tempfile_path_prefix) + 1 + strlen(p) + strlen(tempfile_suffix) + 1))) {
++		if(0 == (*tempfilename = (char*)safe_malloc_add_4op_(strlen(tempfile_path_prefix), /*+*/strlen(p), /*+*/strlen(tempfile_suffix), /*+*/2))) {
+ 			*status = FLAC__METADATA_SIMPLE_ITERATOR_STATUS_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}

audio/flac/files/patch-src_libFLAC_metadata__object.c

@@ -0,0 +1,176 @@
+
+$FreeBSD$
+
+--- src/libFLAC/metadata_object.c.orig
++++ src/libFLAC/metadata_object.c
+@@ -35,6 +35,7 @@
+ #include "private/metadata.h"
+ 
+ #include "FLAC/assert.h"
++#include "share/alloc.h"
+ 
+ 
+ /****************************************************************************
+@@ -47,7 +48,7 @@
+ {
+ 	if(bytes > 0 && 0 != from) {
+ 		FLAC__byte *x;
+-		if(0 == (x = (FLAC__byte*)malloc(bytes)))
++		if(0 == (x = (FLAC__byte*)safe_malloc_(bytes)))
+ 			return false;
+ 		memcpy(x, from, bytes);
+ 		*to = x;
+@@ -62,7 +63,7 @@
+ 
+ static FLAC__bool ensure_null_terminated_(FLAC__byte **entry, unsigned length)
+ {
+-	FLAC__byte *x = (FLAC__byte*)realloc(*entry, length+1);
++	FLAC__byte *x = (FLAC__byte*)safe_realloc_add_2op_(*entry, length, /*+*/1);
+ 	if(0 != x) {
+ 		x[length] = '\0';
+ 		*entry = x;
+@@ -82,7 +83,7 @@
+ 	else {
+ 		FLAC__byte *x;
+ 		FLAC__ASSERT(from->length > 0);
+-		if(0 == (x = (FLAC__byte*)malloc(from->length+1)))
++		if(0 == (x = (FLAC__byte*)safe_malloc_add_2op_(from->length, /*+*/1)))
+ 			return false;
+ 		memcpy(x, from->entry, from->length);
+ 		x[from->length] = '\0';
+@@ -100,7 +101,7 @@
+ 	else {
+ 		FLAC__StreamMetadata_CueSheet_Index *x;
+ 		FLAC__ASSERT(from->num_indices > 0);
+-		if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)malloc(from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index))))
++		if(0 == (x = (FLAC__StreamMetadata_CueSheet_Index*)safe_malloc_mul_2op_(from->num_indices, /*times*/sizeof(FLAC__StreamMetadata_CueSheet_Index))))
+ 			return false;
+ 		memcpy(x, from->indices, from->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index));
+ 		to->indices = x;
+@@ -122,7 +123,7 @@
+ 
+ 	FLAC__ASSERT(num_points > 0);
+ 
+-	object_array = (FLAC__StreamMetadata_SeekPoint*)malloc(num_points * sizeof(FLAC__StreamMetadata_SeekPoint));
++	object_array = (FLAC__StreamMetadata_SeekPoint*)safe_malloc_mul_2op_(num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint));
+ 
+ 	if(0 != object_array) {
+ 		unsigned i;
+@@ -155,7 +156,7 @@
+ {
+ 	FLAC__ASSERT(num_comments > 0);
+ 
+-	return (FLAC__StreamMetadata_VorbisComment_Entry*)calloc(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry));
++	return (FLAC__StreamMetadata_VorbisComment_Entry*)safe_calloc_(num_comments, sizeof(FLAC__StreamMetadata_VorbisComment_Entry));
+ }
+ 
+ static void vorbiscomment_entry_array_delete_(FLAC__StreamMetadata_VorbisComment_Entry *object_array, unsigned num_comments)
+@@ -294,14 +295,14 @@
+ {
+ 	FLAC__ASSERT(num_indices > 0);
+ 
+-	return (FLAC__StreamMetadata_CueSheet_Index*)calloc(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index));
++	return (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index));
+ }
+ 
+ static FLAC__StreamMetadata_CueSheet_Track *cuesheet_track_array_new_(unsigned num_tracks)
+ {
+ 	FLAC__ASSERT(num_tracks > 0);
+ 
+-	return (FLAC__StreamMetadata_CueSheet_Track*)calloc(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track));
++	return (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track));
+ }
+ 
+ static void cuesheet_track_array_delete_(FLAC__StreamMetadata_CueSheet_Track *object_array, unsigned num_tracks)
+@@ -462,6 +463,10 @@
+ 				break;
+ 			case FLAC__METADATA_TYPE_SEEKTABLE:
+ 				to->data.seek_table.num_points = object->data.seek_table.num_points;
++				if(to->data.seek_table.num_points > SIZE_MAX / sizeof(FLAC__StreamMetadata_SeekPoint)) { /* overflow check */
++					FLAC__metadata_object_delete(to);
++					return 0;
++				}
+ 				if(!copy_bytes_((FLAC__byte**)&to->data.seek_table.points, (FLAC__byte*)object->data.seek_table.points, object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint))) {
+ 					FLAC__metadata_object_delete(to);
+ 					return 0;
+@@ -788,8 +793,12 @@
+ 			return false;
+ 	}
+ 	else {
+-		const unsigned old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
+-		const unsigned new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
++		const size_t old_size = object->data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
++		const size_t new_size = new_num_points * sizeof(FLAC__StreamMetadata_SeekPoint);
++
++		/* overflow check */
++		if((size_t)new_num_points > SIZE_MAX / sizeof(FLAC__StreamMetadata_SeekPoint))
++			return false;
+ 
+ 		FLAC__ASSERT(object->data.seek_table.num_points > 0);
+ 
+@@ -982,8 +991,12 @@
+ 			return false;
+ 	}
+ 	else {
+-		const unsigned old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
+-		const unsigned new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
++		const size_t old_size = object->data.vorbis_comment.num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
++		const size_t new_size = new_num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry);
++
++		/* overflow check */
++		if((size_t)new_num_comments > SIZE_MAX / sizeof(FLAC__StreamMetadata_VorbisComment_Entry))
++			return false;
+ 
+ 		FLAC__ASSERT(object->data.vorbis_comment.num_comments > 0);
+ 
+@@ -1131,7 +1144,7 @@
+ 		const size_t nn = strlen(field_name);
+ 		const size_t nv = strlen(field_value);
+ 		entry->length = nn + 1 /*=*/ + nv;
+-		if(0 == (entry->entry = (FLAC__byte*)malloc(entry->length+1)))
++		if(0 == (entry->entry = (FLAC__byte*)safe_malloc_add_2op_(entry->length, /*+*/1)))
+ 			return false;
+ 		memcpy(entry->entry, field_name, nn);
+ 		entry->entry[nn] = '=';
+@@ -1158,9 +1171,9 @@
+ 		FLAC__ASSERT(0 != eq);
+ 		if(0 == eq)
+ 			return false; /* double protection */
+-		if(0 == (*field_name = (char*)malloc(nn+1)))
++		if(0 == (*field_name = (char*)safe_malloc_add_2op_(nn, /*+*/1)))
+ 			return false;
+-		if(0 == (*field_value = (char*)malloc(nv+1))) {
++		if(0 == (*field_value = (char*)safe_malloc_add_2op_(nv, /*+*/1))) {
+ 			free(*field_name);
+ 			return false;
+ 		}
+@@ -1290,8 +1303,12 @@
+ 			return false;
+ 	}
+ 	else {
+-		const unsigned old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
+-		const unsigned new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
++		const size_t old_size = track->num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
++		const size_t new_size = new_num_indices * sizeof(FLAC__StreamMetadata_CueSheet_Index);
++
++		/* overflow check */
++		if((size_t)new_num_indices > SIZE_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Index))
++			return false;
+ 
+ 		FLAC__ASSERT(track->num_indices > 0);
+ 
+@@ -1374,8 +1391,12 @@
+ 			return false;
+ 	}
+ 	else {
+-		const unsigned old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
+-		const unsigned new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
++		const size_t old_size = object->data.cue_sheet.num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
++		const size_t new_size = new_num_tracks * sizeof(FLAC__StreamMetadata_CueSheet_Track);
++
++		/* overflow check */
++		if((size_t)new_num_tracks > SIZE_MAX / sizeof(FLAC__StreamMetadata_CueSheet_Track))
++			return false;
+ 
+ 		FLAC__ASSERT(object->data.cue_sheet.num_tracks > 0);
+ 

audio/flac/files/patch-src_libFLAC_stream__decoder.c

@@ -0,0 +1,121 @@
+
+$FreeBSD$
+
+--- src/libFLAC/stream_decoder.c.orig
++++ src/libFLAC/stream_decoder.c
+@@ -46,6 +46,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include "share/alloc.h"
+ 
+ #ifdef max
+ #undef max
+@@ -214,7 +215,7 @@
+ 	}
+ 
+ 	decoder->private_->metadata_filter_ids_capacity = 16;
+-	if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)malloc((FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8) * decoder->private_->metadata_filter_ids_capacity))) {
++	if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_malloc_mul_2op_((FLAC__STREAM_METADATA_APPLICATION_ID_LEN/8), /*times*/decoder->private_->metadata_filter_ids_capacity))) {
+ 		FLAC__bitbuffer_delete(decoder->private_->input);
+ 		free(decoder->private_);
+ 		free(decoder->protected_);
+@@ -455,7 +456,7 @@
+ 	FLAC__ASSERT(0 != decoder->private_->metadata_filter_ids);
+ 
+ 	if(decoder->private_->metadata_filter_ids_count == decoder->private_->metadata_filter_ids_capacity) {
+-		if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)realloc(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * 2)))
++		if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity, /*times*/2)))
+ 			return decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 		decoder->private_->metadata_filter_ids_capacity *= 2;
+ 	}
+@@ -512,7 +513,7 @@
+ 	FLAC__ASSERT(0 != decoder->private_->metadata_filter_ids);
+ 
+ 	if(decoder->private_->metadata_filter_ids_count == decoder->private_->metadata_filter_ids_capacity) {
+-		if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)realloc(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity * 2)))
++		if(0 == (decoder->private_->metadata_filter_ids = (FLAC__byte*)safe_realloc_mul_2op_(decoder->private_->metadata_filter_ids, decoder->private_->metadata_filter_ids_capacity, /*times*/2)))
+ 			return decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 		decoder->private_->metadata_filter_ids_capacity *= 2;
+ 	}
+@@ -804,7 +805,7 @@
+ 		 * (at negative indices) for alignment purposes; we use 4
+ 		 * to keep the data well-aligned.
+ 		 */
+-		tmp = (FLAC__int32*)malloc(sizeof(FLAC__int32)*(size+4));
++		tmp = (FLAC__int32*)safe_malloc_mul_2op_(sizeof(FLAC__int32), /*times*/(size+4));
+ 		if(tmp == 0) {
+ 			decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+@@ -967,7 +968,7 @@
+ 				case FLAC__METADATA_TYPE_APPLICATION:
+ 					/* remember, we read the ID already */
+ 					if(real_length > 0) {
+-						if(0 == (block.data.application.data = (FLAC__byte*)malloc(real_length))) {
++						if(0 == (block.data.application.data = (FLAC__byte*)safe_malloc_(real_length))) {
+ 							decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 							return false;
+ 						}
+@@ -991,7 +992,7 @@
+ 					break;
+ 				default:
+ 					if(real_length > 0) {
+-						if(0 == (block.data.unknown.data = (FLAC__byte*)malloc(real_length))) {
++						if(0 == (block.data.unknown.data = (FLAC__byte*)safe_malloc_(real_length))) {
+ 							decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 							return false;
+ 						}
+@@ -1132,7 +1133,7 @@
+ 	decoder->private_->seek_table.data.seek_table.num_points = length / FLAC__STREAM_METADATA_SEEKPOINT_LENGTH;
+ 
+ 	/* use realloc since we may pass through here several times (e.g. after seeking) */
+-	if(0 == (decoder->private_->seek_table.data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)realloc(decoder->private_->seek_table.data.seek_table.points, decoder->private_->seek_table.data.seek_table.num_points * sizeof(FLAC__StreamMetadata_SeekPoint)))) {
++	if(0 == (decoder->private_->seek_table.data.seek_table.points = (FLAC__StreamMetadata_SeekPoint*)safe_realloc_mul_2op_(decoder->private_->seek_table.data.seek_table.points, decoder->private_->seek_table.data.seek_table.num_points, /*times*/sizeof(FLAC__StreamMetadata_SeekPoint)))) {
+ 		decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 		return false;
+ 	}
+@@ -1171,7 +1172,7 @@
+ 	if(!FLAC__bitbuffer_read_raw_uint32_little_endian(decoder->private_->input, &obj->vendor_string.length, read_callback_, decoder))
+ 		return false; /* the read_callback_ sets the state for us */
+ 	if(obj->vendor_string.length > 0) {
+-		if(0 == (obj->vendor_string.entry = (FLAC__byte*)malloc(obj->vendor_string.length+1))) {
++		if(0 == (obj->vendor_string.entry = (FLAC__byte*)safe_malloc_add_2op_(obj->vendor_string.length, /*+*/1))) {
+ 			decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}
+@@ -1189,7 +1190,7 @@
+ 
+ 	/* read comments */
+ 	if(obj->num_comments > 0) {
+-		if(0 == (obj->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)malloc(obj->num_comments * sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) {
++		if(0 == (obj->comments = (FLAC__StreamMetadata_VorbisComment_Entry*)safe_malloc_mul_2op_(obj->num_comments, /*times*/sizeof(FLAC__StreamMetadata_VorbisComment_Entry)))) {
+ 			decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}
+@@ -1198,7 +1199,7 @@
+ 			if(!FLAC__bitbuffer_read_raw_uint32_little_endian(decoder->private_->input, &obj->comments[i].length, read_callback_, decoder))
+ 				return false; /* the read_callback_ sets the state for us */
+ 			if(obj->comments[i].length > 0) {
+-				if(0 == (obj->comments[i].entry = (FLAC__byte*)malloc(obj->comments[i].length+1))) {
++				if(0 == (obj->comments[i].entry = (FLAC__byte*)safe_malloc_add_2op_(obj->comments[i].length, /*+*/1))) {
+ 					decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 					return false;
+ 				}
+@@ -1244,7 +1245,7 @@
+ 	obj->num_tracks = x;
+ 
+ 	if(obj->num_tracks > 0) {
+-		if(0 == (obj->tracks = (FLAC__StreamMetadata_CueSheet_Track*)calloc(obj->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) {
++		if(0 == (obj->tracks = (FLAC__StreamMetadata_CueSheet_Track*)safe_calloc_(obj->num_tracks, sizeof(FLAC__StreamMetadata_CueSheet_Track)))) {
+ 			decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}
+@@ -1277,7 +1278,7 @@
+ 			track->num_indices = (FLAC__byte)x;
+ 
+ 			if(track->num_indices > 0) {
+-				if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)calloc(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) {
++				if(0 == (track->indices = (FLAC__StreamMetadata_CueSheet_Index*)safe_calloc_(track->num_indices, sizeof(FLAC__StreamMetadata_CueSheet_Index)))) {
+ 					decoder->protected_->state = FLAC__STREAM_DECODER_MEMORY_ALLOCATION_ERROR;
+ 					return false;
+ 				}

audio/flac/files/patch-src_libFLAC_stream__encoder.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/libFLAC/stream_encoder.c.orig
++++ src/libFLAC/stream_encoder.c
+@@ -50,6 +50,7 @@
+ #ifdef HAVE_CONFIG_H
+ #include <config.h>
+ #endif
++#include "share/alloc.h"
+ 
+ #ifdef min
+ #undef min
+@@ -836,7 +837,7 @@
+ 		 */
+ 		encoder->private_->verify.input_fifo.size = encoder->protected_->blocksize;
+ 		for(i = 0; i < encoder->protected_->channels; i++) {
+-			if(0 == (encoder->private_->verify.input_fifo.data[i] = (FLAC__int32*)malloc(sizeof(FLAC__int32) * encoder->private_->verify.input_fifo.size)))
++			if(0 == (encoder->private_->verify.input_fifo.data[i] = (FLAC__int32*)safe_malloc_mul_2op_(sizeof(FLAC__int32), /*times*/encoder->private_->verify.input_fifo.size)))
+ 				return encoder->protected_->state = FLAC__STREAM_ENCODER_MEMORY_ALLOCATION_ERROR;
+ 		}
+ 		encoder->private_->verify.input_fifo.tail = 0;

audio/flac/files/patch-src_libOggFLAC_file__decoder.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/libOggFLAC/file_decoder.c.orig
++++ src/libOggFLAC/file_decoder.c
+@@ -43,6 +43,7 @@
+ #include "FLAC/assert.h"
+ #include "protected/file_decoder.h"
+ #include "protected/seekable_stream_decoder.h"
++#include "share/alloc.h"
+ 
+ /***********************************************************************
+  *
+@@ -248,7 +249,7 @@
+ 		decoder->private_->filename = 0;
+ 	}
+ 	if(0 != strcmp(value, "-")) {
+-		if(0 == (decoder->private_->filename = (char*)malloc(strlen(value)+1))) {
++		if(0 == (decoder->private_->filename = (char*)safe_malloc_add_2op_(strlen(value), /*+*/1))) {
+ 			decoder->protected_->state = OggFLAC__FILE_DECODER_MEMORY_ALLOCATION_ERROR;
+ 			return false;
+ 		}

audio/flac/files/patch-src_libOggFLAC_file__encoder.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/libOggFLAC/file_encoder.c.orig
++++ src/libOggFLAC/file_encoder.c
+@@ -35,6 +35,7 @@
+ #include "FLAC/assert.h"
+ #include "OggFLAC/seekable_stream_encoder.h"
+ #include "protected/file_encoder.h"
++#include "share/alloc.h"
+ 
+ #ifdef max
+ #undef max
+@@ -450,7 +451,7 @@
+ 		free(encoder->private_->filename);
+ 		encoder->private_->filename = 0;
+ 	}
+-	if(0 == (encoder->private_->filename = (char*)malloc(strlen(value)+1))) {
++	if(0 == (encoder->private_->filename = (char*)safe_malloc_add_2op_(strlen(value), /*+*/1))) {
+ 		encoder->protected_->state = OggFLAC__FILE_ENCODER_MEMORY_ALLOCATION_ERROR;
+ 		return false;
+ 	}

audio/flac/files/patch-src_libOggFLAC_ogg__helper.c

@@ -0,0 +1,31 @@
+
+$FreeBSD$
+
+--- src/libOggFLAC/ogg_helper.c.orig
++++ src/libOggFLAC/ogg_helper.c
+@@ -34,6 +34,7 @@
+ #include "FLAC/assert.h"
+ #include "private/ogg_helper.h"
+ #include "protected/seekable_stream_encoder.h"
++#include "share/alloc.h"
+ 
+ 
+ static FLAC__bool full_read_(OggFLAC__SeekableStreamEncoder *encoder, FLAC__byte *buffer, unsigned bytes, OggFLAC__SeekableStreamEncoderReadCallback read_callback, void *client_data)
+@@ -102,7 +103,7 @@
+ 	}
+ 
+ 	/* allocate space for the page header */
+-	if(0 == (page->header = (unsigned char *)malloc(OGG_MAX_HEADER_LEN))) {
++	if(0 == (page->header = (unsigned char *)safe_malloc_(OGG_MAX_HEADER_LEN))) {
+ 		encoder->protected_->state = OggFLAC__SEEKABLE_STREAM_ENCODER_MEMORY_ALLOCATION_ERROR;
+ 		return false;
+ 	}
+@@ -144,7 +145,7 @@
+ 	}
+ 
+ 	/* allocate space for the page body */
+-	if(0 == (page->body = (unsigned char *)malloc(page->body_len))) {
++	if(0 == (page->body = (unsigned char *)safe_malloc_(page->body_len))) {
+ 		encoder->protected_->state = OggFLAC__SEEKABLE_STREAM_ENCODER_MEMORY_ALLOCATION_ERROR;
+ 		return false;
+ 	}

audio/flac/files/patch-src_metaflac_operations.c

@@ -0,0 +1,24 @@
+
+$FreeBSD$
+
+--- src/metaflac/operations.c.orig
++++ src/metaflac/operations.c
+@@ -21,6 +21,7 @@
+ #include "utils.h"
+ #include "FLAC/assert.h"
+ #include "FLAC/metadata.h"
++#include "share/alloc.h"
+ #include "share/grabbag.h"
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -430,8 +431,8 @@
+ 	}
+ 
+ 	if(
+-		0 == (title_gains = (float*)malloc(sizeof(float) * num_files)) ||
+-		0 == (title_peaks = (float*)malloc(sizeof(float) * num_files))
++		0 == (title_gains = (float*)safe_malloc_mul_2op_(sizeof(float), /*times*/num_files)) ||
++		0 == (title_peaks = (float*)safe_malloc_mul_2op_(sizeof(float), /*times*/num_files))
+ 	)
+ 		die("out of memory allocating space for title gains/peaks");
+ 

audio/flac/files/patch-src_metaflac_options.c

@@ -0,0 +1,66 @@
+
+$FreeBSD$
+
+--- src/metaflac/options.c.orig
++++ src/metaflac/options.c
+@@ -20,6 +20,7 @@
+ #include "usage.h"
+ #include "utils.h"
+ #include "FLAC/assert.h"
++#include "share/alloc.h"
+ #include <ctype.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -183,7 +184,7 @@
+ 
+ 	if(options->num_files > 0) {
+ 		unsigned i = 0;
+-		if(0 == (options->filenames = (char**)malloc(sizeof(char*) * options->num_files)))
++		if(0 == (options->filenames = (char**)safe_malloc_mul_2op_(sizeof(char*), /*times*/options->num_files)))
+ 			die("out of memory allocating space for file names list");
+ 		while(share__optind < argc)
+ 			options->filenames[i++] = local_strdup(argv[share__optind++]);
+@@ -661,8 +662,10 @@
+ 	}
+ 	if(options->ops.capacity <= options->ops.num_operations) {
+ 		unsigned original_capacity = options->ops.capacity;
+-		options->ops.capacity *= 4;
+-		if(0 == (options->ops.operations = (Operation*)realloc(options->ops.operations, sizeof(Operation) * options->ops.capacity)))
++		if(options->ops.capacity > SIZE_MAX / 2) /* overflow check */
++			die("out of memory allocating space for option list");
++		options->ops.capacity *= 2;
++		if(0 == (options->ops.operations = (Operation*)safe_realloc_mul_2op_(options->ops.operations, sizeof(Operation), /*times*/options->ops.capacity)))
+ 			die("out of memory allocating space for option list");
+ 		memset(options->ops.operations + original_capacity, 0, sizeof(Operation) * (options->ops.capacity - original_capacity));
+ 	}
+@@ -680,8 +683,10 @@
+ 	}
+ 	if(options->args.capacity <= options->args.num_arguments) {
+ 		unsigned original_capacity = options->args.capacity;
+-		options->args.capacity *= 4;
+-		if(0 == (options->args.arguments = (Argument*)realloc(options->args.arguments, sizeof(Argument) * options->args.capacity)))
++		if(options->args.capacity > SIZE_MAX / 2) /* overflow check */
++			die("out of memory allocating space for option list");
++		options->args.capacity *= 2;
++		if(0 == (options->args.arguments = (Argument*)safe_realloc_mul_2op_(options->args.arguments, sizeof(Argument), /*times*/options->args.capacity)))
+ 			die("out of memory allocating space for option list");
+ 		memset(options->args.arguments + original_capacity, 0, sizeof(Argument) * (options->args.capacity - original_capacity));
+ 	}
+@@ -897,7 +902,7 @@
+ 
+ 	/* make space */
+ 	FLAC__ASSERT(out->num_entries > 0);
+-	if(0 == (out->entries = (unsigned*)malloc(sizeof(unsigned) * out->num_entries)))
++	if(0 == (out->entries = (unsigned*)safe_malloc_mul_2op_(sizeof(unsigned), /*times*/out->num_entries)))
+ 		die("out of memory allocating space for option list");
+ 
+ 	/* load 'em up */
+@@ -936,7 +941,7 @@
+ 
+ 	/* make space */
+ 	FLAC__ASSERT(out->num_entries > 0);
+-	if(0 == (out->entries = (Argument_BlockTypeEntry*)malloc(sizeof(Argument_BlockTypeEntry) * out->num_entries)))
++	if(0 == (out->entries = (Argument_BlockTypeEntry*)safe_malloc_mul_2op_(sizeof(Argument_BlockTypeEntry), /*times*/out->num_entries)))
+ 		die("out of memory allocating space for option list");
+ 
+ 	/* load 'em up */

audio/flac/files/patch-src_metaflac_utils.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/metaflac/utils.c.orig
++++ src/metaflac/utils.c
+@@ -18,6 +18,7 @@
+ 
+ #include "utils.h"
+ #include "FLAC/assert.h"
++#include "share/alloc.h"
+ #include "share/utf8.h"
+ #include <ctype.h>
+ #include <stdarg.h>
+@@ -64,7 +65,7 @@
+ 	if(nsource == 0)
+ 		return;
+ 
+-	*dest = (char*)realloc(*dest, ndest + nsource + 1);
++	*dest = (char*)safe_realloc_add_3op_(*dest, ndest, /*+*/nsource, /*+*/1);
+ 	if(0 == *dest)
+ 		die("out of memory growing string");
+ 	strcpy((*dest)+ndest, source);

audio/flac/files/patch-src_plugin__common_charset.c

@@ -0,0 +1,25 @@
+
+$FreeBSD$
+
+--- src/plugin_common/charset.c.orig
++++ src/plugin_common/charset.c
+@@ -83,6 +83,8 @@
+ 	/* Due to a GLIBC bug, round outbuf_size up to a multiple of 4 */
+ 	/* + 1 for nul in case len == 1 */
+ 	outsize = ((length + 3) & ~3) + 1;
++	if(outsize < length) /* overflow check */
++		return NULL;
+ 	out = (char*)malloc(outsize);
+ 	outleft = outsize - 1;
+ 	outptr = out;
+@@ -95,6 +97,10 @@
+ 		{
+ 			case E2BIG:
+ 				used = outptr - out;
++				if((outsize - 1) * 2 + 1 <= outsize) { /* overflow check */
++					free(out);
++					return NULL;
++				}
+ 				outsize = (outsize - 1) * 2 + 1;
+ 				out = realloc(out, outsize);
+ 				outptr = out + used;

audio/flac/files/patch-src_plugin__common_tags.c

@@ -0,0 +1,59 @@
+
+$FreeBSD$
+
+--- src/plugin_common/tags.c.orig
++++ src/plugin_common/tags.c
+@@ -23,6 +23,7 @@
+ #include "tags.h"
+ #include "FLAC/assert.h"
+ #include "FLAC/metadata.h"
++#include "share/alloc.h"
+ 
+ 
+ static __inline unsigned local__wide_strlen(const FLAC__uint16 *s)
+@@ -82,7 +83,7 @@
+ 	}
+ 
+ 	/* allocate */
+-	out = (FLAC__uint16*)malloc(chars * sizeof(FLAC__uint16));
++	out = (FLAC__uint16*)safe_malloc_mul_2op_(chars, /*times*/sizeof(FLAC__uint16));
+ 	if (0 == out) {
+ 		FLAC__ASSERT(0);
+ 		return 0;
+@@ -130,19 +131,23 @@
+ static char *local__convert_ucs2_to_utf8(const FLAC__uint16 *src, unsigned length)
+ {
+ 	char *out;
+-	unsigned len = 0;
++	unsigned len = 0, n;
+ 
+ 	FLAC__ASSERT(0 != src);
+ 
+ 	/* calculate length */
+ 	{
+ 		unsigned i;
+-		for (i = 0; i < length; i++)
+-			len += local__ucs2len(src[i]);
++		for (i = 0; i < length; i++) {
++			n += local__ucs2len(src[i]);
++			if(len + n < len) /* overflow check */
++				return 0;
++			len += n;
++		}
+ 	}
+ 
+ 	/* allocate */
+-	out = (char*)malloc(len * sizeof(char));
++	out = (char*)safe_malloc_mul_2op_(len, /*times*/sizeof(char));
+ 	if (0 == out)
+ 		return 0;
+ 
+@@ -265,7 +270,7 @@
+ 		const size_t value_len = strlen(value);
+ 		const size_t separator_len = strlen(separator);
+ 		FLAC__byte *new_entry;
+-		if(0 == (new_entry = (FLAC__byte*)realloc(entry->entry, entry->length + value_len + separator_len + 1)))
++		if(0 == (new_entry = (FLAC__byte*)safe_realloc_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1)))
+ 			return false;
+ 		memcpy(new_entry+entry->length, separator, separator_len);
+ 		entry->length += separator_len;

audio/flac/files/patch-src_share_utf8_charset.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/share/utf8/charset.c.orig
++++ src/share/utf8/charset.c
+@@ -35,6 +35,7 @@
+ 
+ #include <stdlib.h>
+ 
++#include "share/alloc.h"
+ #include "charset.h"
+ 
+ #include "charmaps.h"
+@@ -492,7 +493,7 @@
+   if (!charset1 || !charset2 )
+     return -1;
+ 
+-  tobuf = (char *)malloc(fromlen * charset2->max + 1);
++  tobuf = (char *)safe_malloc_mul2add_(fromlen, /*times*/charset2->max, /*+*/1);
+   if (!tobuf)
+     return -2;
+ 

audio/flac/files/patch-src_share_utf8_iconvert.c

@@ -0,0 +1,49 @@
+
+$FreeBSD$
+
+--- src/share/utf8/iconvert.c.orig
++++ src/share/utf8/iconvert.c
+@@ -27,6 +27,7 @@
+ #include <iconv.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include "share/alloc.h"
+ 
+ /*
+  * Convert data from one encoding to another. Return:
+@@ -79,7 +80,7 @@
+      * This is deliberately not a config option as people often
+      * change their iconv library without rebuilding applications.
+      */
+-    tocode1 = (char *)malloc(strlen(tocode) + 11);
++    tocode1 = (char *)safe_malloc_add_2op_(strlen(tocode), /*+*/11);
+     if (!tocode1)
+       goto fail;
+ 
+@@ -117,6 +118,8 @@
+       break;
+     if (obl < 6) {
+       /* Enlarge the buffer */
++      if(utflen*2 < utflen) /* overflow check */
++        goto fail;
+       utflen *= 2;
+       newbuf = (char *)realloc(utfbuf, utflen);
+       if (!newbuf)
+@@ -143,7 +146,7 @@
+       iconv_close(cd1);
+       return ret;
+     }
+-    newbuf = (char *)realloc(utfbuf, (ob - utfbuf) + 1);
++    newbuf = (char *)safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
+     if (!newbuf)
+       goto fail;
+     ob = (ob - utfbuf) + newbuf;
+@@ -194,7 +197,7 @@
+   outlen += ob - tbuf;
+ 
+   /* Convert from UTF-8 for real */
+-  outbuf = (char *)malloc(outlen + 1);
++  outbuf = (char *)safe_malloc_add_2op_(outlen, /*+*/1);
+   if (!outbuf)
+     goto fail;
+   ib = utfbuf;

audio/flac/files/patch-src_share_utf8_utf8.c

@@ -0,0 +1,72 @@
+
+$FreeBSD$
+
+--- src/share/utf8/utf8.c.orig
++++ src/share/utf8/utf8.c
+@@ -28,6 +28,7 @@
+ #include <config.h>
+ #endif
+ 
++#include "share/alloc.h"
+ #include "utf8.h"
+ #include "charset.h"
+ 
+@@ -57,10 +58,13 @@
+         } else {
+             size += 3;
+         }
++        if(size+n < size) /* overflow check */
++            return NULL;
++        size += n;
+         c = unicode[index++];
+     }	
+ 
+-    out = malloc(size + 1);
++    out = safe_malloc_add_2op_(size, /*+*/1);
+     if (out == NULL)
+         return NULL;
+     index = 0;
+@@ -101,11 +105,15 @@
+         } else {
+             index += 1;
+         }
++        if(size + 1 == 0) /* overflow check */
++            return NULL;
+         size += 1;
+         c = utf8[index++];
+     }	
+ 
+-    out = malloc((size + 1) * sizeof(wchar_t));
++    if(size + 1 == 0) /* overflow check */
++        return NULL;
++    out = safe_malloc_mul_2op_((size + 1), /*times*/sizeof(wchar_t));
+     if (out == NULL)
+         return NULL;
+     index = 0;
+@@ -147,7 +155,7 @@
+ 		return -1;
+ 	}
+ 
+-	unicode = calloc(wchars + 1, sizeof(unsigned short));
++	unicode = safe_calloc_(wchars + 1, sizeof(unsigned short));
+ 	if(unicode == NULL) 
+ 	{
+ 		fprintf(stderr, "Out of memory processing string to UTF8\n");
+@@ -197,7 +205,7 @@
+         return -1;
+     }
+ 
+-    *to = calloc(chars + 1, sizeof(unsigned char));
++    *to = safe_calloc_(chars + 1, sizeof(unsigned char));
+     if(*to == NULL) 
+     {
+         fprintf(stderr, "Out of memory processing string to local charset\n");
+@@ -285,7 +293,7 @@
+   if (ret != -1)
+     return ret;
+ 
+-  s = malloc(fromlen + 1);
++  s = safe_malloc_add_2op_(fromlen, /*+*/1);
+   if (!s)
+     return -1;
+   strcpy(s, from);

audio/xmms-flac/Makefile

@@ -7,11 +7,14 @@
 
 PORTNAME=	xmms-flac
 PORTVERSION=	1.1.2
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	audio
-MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
-MASTER_SITE_SUBDIR=	flac
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE:S/$/:sf/} \
+		${MASTER_SITE_LOCAL:S/$/:local/}
+MASTER_SITE_SUBDIR=	flac/:sf naddy/:local
 DISTNAME=	flac-${PORTVERSION}
+DISTFILES=	${EXTRACT_ONLY}:sf flac-alloc.h:local
+EXTRACT_ONLY=	${DISTNAME}${EXTRACT_SUFX}
 
 MAINTAINER=	naddy@FreeBSD.org
 COMMENT=	XMMS input plugin for playing FLAC files
@@ -28,6 +31,9 @@ MAKE_ARGS=	LIBTOOL="${LIBTOOL} --tag=disable-static"
 MAKE_ENV=	MAKEOBJDIR=/nonexistent		# ignore ${WRKSRC}/obj
 MAKEFILE=	${FILESDIR}/Makefile
 
+post-extract:
+	@${CP} ${DISTDIR}/flac-alloc.h ${WRKSRC}/include/share/alloc.h
+
 # XXX
 post-install:
 	${RM} ${PREFIX}/lib/xmms/Input/libxmms-flac.la

audio/xmms-flac/distinfo

@@ -1,3 +1,6 @@
 MD5 (flac-1.1.2.tar.gz) = 2bfc127cdda02834d0491ab531a20960
 SHA256 (flac-1.1.2.tar.gz) = ce4f7d11b3c04a7368c916ca4abc284dd0c0256f461dfb7f07df1ab445e7a5c0
 SIZE (flac-1.1.2.tar.gz) = 1516235
+MD5 (flac-alloc.h) = 08891390039e2aee9bd4335f784467db
+SHA256 (flac-alloc.h) = da40afc663e5b3fe6dccd1a0f1c218b7ec02d3699d72b41d6978696896d7df98
+SIZE (flac-alloc.h) = 5697

audio/xmms-flac/files/patch-src_plugin__common_charset.c

@@ -0,0 +1,25 @@
+
+$FreeBSD$
+
+--- src/plugin_common/charset.c.orig
++++ src/plugin_common/charset.c
+@@ -83,6 +83,8 @@
+ 	/* Due to a GLIBC bug, round outbuf_size up to a multiple of 4 */
+ 	/* + 1 for nul in case len == 1 */
+ 	outsize = ((length + 3) & ~3) + 1;
++	if(outsize < length) /* overflow check */
++		return NULL;
+ 	out = (char*)malloc(outsize);
+ 	outleft = outsize - 1;
+ 	outptr = out;
+@@ -95,6 +97,10 @@
+ 		{
+ 			case E2BIG:
+ 				used = outptr - out;
++				if((outsize - 1) * 2 + 1 <= outsize) { /* overflow check */
++					free(out);
++					return NULL;
++				}
+ 				outsize = (outsize - 1) * 2 + 1;
+ 				out = realloc(out, outsize);
+ 				outptr = out + used;

audio/xmms-flac/files/patch-src_plugin__common_tags.c

@@ -0,0 +1,59 @@
+
+$FreeBSD$
+
+--- src/plugin_common/tags.c.orig
++++ src/plugin_common/tags.c
+@@ -23,6 +23,7 @@
+ #include "tags.h"
+ #include "FLAC/assert.h"
+ #include "FLAC/metadata.h"
++#include "share/alloc.h"
+ 
+ 
+ static __inline unsigned local__wide_strlen(const FLAC__uint16 *s)
+@@ -82,7 +83,7 @@
+ 	}
+ 
+ 	/* allocate */
+-	out = (FLAC__uint16*)malloc(chars * sizeof(FLAC__uint16));
++	out = (FLAC__uint16*)safe_malloc_mul_2op_(chars, /*times*/sizeof(FLAC__uint16));
+ 	if (0 == out) {
+ 		FLAC__ASSERT(0);
+ 		return 0;
+@@ -130,19 +131,23 @@
+ static char *local__convert_ucs2_to_utf8(const FLAC__uint16 *src, unsigned length)
+ {
+ 	char *out;
+-	unsigned len = 0;
++	unsigned len = 0, n;
+ 
+ 	FLAC__ASSERT(0 != src);
+ 
+ 	/* calculate length */
+ 	{
+ 		unsigned i;
+-		for (i = 0; i < length; i++)
+-			len += local__ucs2len(src[i]);
++		for (i = 0; i < length; i++) {
++			n += local__ucs2len(src[i]);
++			if(len + n < len) /* overflow check */
++				return 0;
++			len += n;
++		}
+ 	}
+ 
+ 	/* allocate */
+-	out = (char*)malloc(len * sizeof(char));
++	out = (char*)safe_malloc_mul_2op_(len, /*times*/sizeof(char));
+ 	if (0 == out)
+ 		return 0;
+ 
+@@ -265,7 +270,7 @@
+ 		const size_t value_len = strlen(value);
+ 		const size_t separator_len = strlen(separator);
+ 		FLAC__byte *new_entry;
+-		if(0 == (new_entry = (FLAC__byte*)realloc(entry->entry, entry->length + value_len + separator_len + 1)))
++		if(0 == (new_entry = (FLAC__byte*)safe_realloc_add_4op_(entry->entry, entry->length, /*+*/value_len, /*+*/separator_len, /*+*/1)))
+ 			return false;
+ 		memcpy(new_entry+entry->length, separator, separator_len);
+ 		entry->length += separator_len;

audio/xmms-flac/files/patch-src_plugin__xmms_plugin.c

@@ -16,3 +16,19 @@ $FreeBSD$
  	xmms_cfg_read_int(cfg, "flac", "stream.http_buffer_size", &flac_cfg.stream.http_buffer_size);
  	xmms_cfg_read_int(cfg, "flac", "stream.http_prebuffer", &flac_cfg.stream.http_prebuffer);
  	xmms_cfg_read_boolean(cfg, "flac", "stream.use_proxy", &flac_cfg.stream.use_proxy);
+@@ -425,8 +431,13 @@
+ 		if(title) {
+ 			if (source_to_decoder_type (filename) == DECODER_FILE) {
+ 				static const char *errtitle = "Invalid FLAC File: ";
+-				*title = g_malloc(strlen(errtitle) + 1 + strlen(filename) + 1 + 1);
+-				sprintf(*title, "%s\"%s\"", errtitle, filename);
++				if(strlen(errtitle) + 1 + strlen(filename) + 1 + 1 < strlen(filename)) { /* overflow check */
++					*title = NULL;
++				}
++				else {
++					*title = g_malloc(strlen(errtitle) + 1 + strlen(filename) + 1 + 1);
++					sprintf(*title, "%s\"%s\"", errtitle, filename);
++				}
+ 			} else {
+ 				*title = NULL;
+ 			}

audio/xmms-flac/files/patch-src_share_utf8_charset.c

@@ -0,0 +1,22 @@
+
+$FreeBSD$
+
+--- src/share/utf8/charset.c.orig
++++ src/share/utf8/charset.c
+@@ -35,6 +35,7 @@
+ 
+ #include <stdlib.h>
+ 
++#include "share/alloc.h"
+ #include "charset.h"
+ 
+ #include "charmaps.h"
+@@ -492,7 +493,7 @@
+   if (!charset1 || !charset2 )
+     return -1;
+ 
+-  tobuf = (char *)malloc(fromlen * charset2->max + 1);
++  tobuf = (char *)safe_malloc_mul2add_(fromlen, /*times*/charset2->max, /*+*/1);
+   if (!tobuf)
+     return -2;
+ 

audio/xmms-flac/files/patch-src_share_utf8_iconvert.c

@@ -0,0 +1,49 @@
+
+$FreeBSD$
+
+--- src/share/utf8/iconvert.c.orig
++++ src/share/utf8/iconvert.c
+@@ -27,6 +27,7 @@
+ #include <iconv.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include "share/alloc.h"
+ 
+ /*
+  * Convert data from one encoding to another. Return:
+@@ -79,7 +80,7 @@
+      * This is deliberately not a config option as people often
+      * change their iconv library without rebuilding applications.
+      */
+-    tocode1 = (char *)malloc(strlen(tocode) + 11);
++    tocode1 = (char *)safe_malloc_add_2op_(strlen(tocode), /*+*/11);
+     if (!tocode1)
+       goto fail;
+ 
+@@ -117,6 +118,8 @@
+       break;
+     if (obl < 6) {
+       /* Enlarge the buffer */
++      if(utflen*2 < utflen) /* overflow check */
++        goto fail;
+       utflen *= 2;
+       newbuf = (char *)realloc(utfbuf, utflen);
+       if (!newbuf)
+@@ -143,7 +146,7 @@
+       iconv_close(cd1);
+       return ret;
+     }
+-    newbuf = (char *)realloc(utfbuf, (ob - utfbuf) + 1);
++    newbuf = (char *)safe_realloc_add_2op_(utfbuf, (ob - utfbuf), /*+*/1);
+     if (!newbuf)
+       goto fail;
+     ob = (ob - utfbuf) + newbuf;
+@@ -194,7 +197,7 @@
+   outlen += ob - tbuf;
+ 
+   /* Convert from UTF-8 for real */
+-  outbuf = (char *)malloc(outlen + 1);
++  outbuf = (char *)safe_malloc_add_2op_(outlen, /*+*/1);
+   if (!outbuf)
+     goto fail;
+   ib = utfbuf;

audio/xmms-flac/files/patch-src_share_utf8_utf8.c

@@ -0,0 +1,72 @@
+
+$FreeBSD$
+
+--- src/share/utf8/utf8.c.orig
++++ src/share/utf8/utf8.c
+@@ -28,6 +28,7 @@
+ #include <config.h>
+ #endif
+ 
++#include "share/alloc.h"
+ #include "utf8.h"
+ #include "charset.h"
+ 
+@@ -57,10 +58,13 @@
+         } else {
+             size += 3;
+         }
++        if(size+n < size) /* overflow check */
++            return NULL;
++        size += n;
+         c = unicode[index++];
+     }	
+ 
+-    out = malloc(size + 1);
++    out = safe_malloc_add_2op_(size, /*+*/1);
+     if (out == NULL)
+         return NULL;
+     index = 0;
+@@ -101,11 +105,15 @@
+         } else {
+             index += 1;
+         }
++        if(size + 1 == 0) /* overflow check */
++            return NULL;
+         size += 1;
+         c = utf8[index++];
+     }	
+ 
+-    out = malloc((size + 1) * sizeof(wchar_t));
++    if(size + 1 == 0) /* overflow check */
++        return NULL;
++    out = safe_malloc_mul_2op_((size + 1), /*times*/sizeof(wchar_t));
+     if (out == NULL)
+         return NULL;
+     index = 0;
+@@ -147,7 +155,7 @@
+ 		return -1;
+ 	}
+ 
+-	unicode = calloc(wchars + 1, sizeof(unsigned short));
++	unicode = safe_calloc_(wchars + 1, sizeof(unsigned short));
+ 	if(unicode == NULL) 
+ 	{
+ 		fprintf(stderr, "Out of memory processing string to UTF8\n");
+@@ -197,7 +205,7 @@
+         return -1;
+     }
+ 
+-    *to = calloc(chars + 1, sizeof(unsigned char));
++    *to = safe_calloc_(chars + 1, sizeof(unsigned char));
+     if(*to == NULL) 
+     {
+         fprintf(stderr, "Out of memory processing string to local charset\n");
+@@ -285,7 +293,7 @@
+   if (ret != -1)
+     return ret;
+ 
+-  s = malloc(fromlen + 1);
++  s = safe_malloc_add_2op_(fromlen, /*+*/1);
+   if (!s)
+     return -1;
+   strcpy(s, from);