Add patch to resolve divide-by-zero CVE
Security: CVE-2015-5479 Security: a928960a-2bdc-11e5-86ff-14dae9d210b8
This commit is contained in:
Mark Felder
parent
301953df6f
commit
80f422dad6
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=392316
@ -2,7 +2,7 @@
|
||||
|
||||
PORTNAME= libav
|
||||
PORTVERSION= 11.3
|
||||
PORTREVISION= 2
|
||||
PORTREVISION= 3
|
||||
CATEGORIES= multimedia audio ipv6 net
|
||||
MASTER_SITES= http://libav.org/releases/
|
||||
|
||||
|
||||
51
multimedia/libav/files/patch-CVE-2015-5479
Normal file
51
multimedia/libav/files/patch-CVE-2015-5479
Normal file
@ -0,0 +1,51 @@
|
||||
From: Luca Barbato <lu_zero@gentoo.org>
|
||||
Date: Fri, 26 Jun 2015 13:57:16 +0000 (+0200)
|
||||
Subject: h263: Always check both dimensions
|
||||
X-Git-Url: https://git.libav.org/?p=libav.git;a=commitdiff_plain;h=0a49a62f998747cfa564d98d36a459fe70d3299b;hp=6f4cd33efb5a9ec75db1677d5f7846c60337129f
|
||||
|
||||
h263: Always check both dimensions
|
||||
|
||||
CC: libav-stable@libav.org
|
||||
Found-By: ago@gentoo.org
|
||||
---
|
||||
|
||||
diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
|
||||
index b1da22f..b9189b2 100644
|
||||
--- libavcodec/ituh263dec.c.orig
|
||||
+++ libavcodec/ituh263dec.c
|
||||
@@ -30,6 +30,7 @@
|
||||
#include <limits.h>
|
||||
|
||||
#include "libavutil/attributes.h"
|
||||
+#include "libavutil/imgutils.h"
|
||||
#include "libavutil/internal.h"
|
||||
#include "libavutil/mathematics.h"
|
||||
#include "avcodec.h"
|
||||
@@ -868,7 +869,7 @@ end:
|
||||
/* most is hardcoded. should extend to handle all h263 streams */
|
||||
int ff_h263_decode_picture_header(MpegEncContext *s)
|
||||
{
|
||||
- int format, width, height, i;
|
||||
+ int format, width, height, i, ret;
|
||||
uint32_t startcode;
|
||||
|
||||
align_get_bits(&s->gb);
|
||||
@@ -919,8 +920,6 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
|
||||
/* H.263v1 */
|
||||
width = ff_h263_format[format][0];
|
||||
height = ff_h263_format[format][1];
|
||||
- if (!width)
|
||||
- return -1;
|
||||
|
||||
s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb);
|
||||
|
||||
@@ -1073,6 +1072,9 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
|
||||
s->qscale = get_bits(&s->gb, 5);
|
||||
}
|
||||
|
||||
+ if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0)
|
||||
+ return ret;
|
||||
+
|
||||
s->mb_width = (s->width + 15) / 16;
|
||||
s->mb_height = (s->height + 15) / 16;
|
||||
s->mb_num = s->mb_width * s->mb_height;
|
||||
Loading…
Reference in New Issue
Block a user