Package: libfaad-dev Version: 2.6.1-3.1 Severity: grave The patch debian/patches/02_public-headers.dpatch breaks both the faad API and ABI. When compiling code against the Debian package libfaad-dev, gcc emits the following error messages (with -Werror):
decoder/aac_plugin.c: In function 'getAacFloatTotalTime': decoder/aac_plugin.c:275: error: passing argument 4 of 'NeAACDecInit' from incompatible pointer type decoder/aac_plugin.c: In function 'aac_stream_decode': decoder/aac_plugin.c:346: error: passing argument 4 of 'NeAACDecInit' from incompatible pointer type Upstream has "unsigned long" arguments where the Debian package has "uint32_t". Code which tries to pass an "unsigned long" pointer here will break both on the ABI and the API level, and this may result in corrupted data (when copying a binary compiled with upstream, the upper 32 bit of the long are undefined), or in a buffer overflow (when running a Debian binary on a non-Debian machine with unmodified libfaad, which writes 64 bit when there is room only for 32 bit). Severity "grave" because Debian introduces a dangerous ABI incompatibility with this patch, which may result in buffer overflows (AMD64 or other platforms with a 64 bit "long"). -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
