openbsd-ports/x11/vlc/patches/patch-modules_codec_cdg_c

$OpenBSD: patch-modules_codec_cdg_c,v 1.1 2011/01/14 19:46:46 jasper Exp $

Fix heap overflows

From upstream git commit: d11fca8bf9dc058bcdf67d81c04f84f8905ad8b4

--- modules/codec/cdg.c.orig	Wed Jan 12 22:04:27 2011
+++ modules/codec/cdg.c	Wed Jan 12 22:06:35 2011
@@ -255,7 +255,13 @@ static int DecodeTileBlock( decoder_sys_t *p_cdg, cons
         for( x = 0; x < 6; x++ )
         {
             const int idx = ( p_data[4+y] >> (5-x) ) & 0x01;
-            uint8_t *p = &p_cdg->p_screen[(sy+y)*CDG_SCREEN_PITCH+(sx+x)];
+
+            int index = (sy+y)*CDG_SCREEN_PITCH+(sx+x);
+            if( index >= CDG_SCREEN_PITCH*CDG_SCREEN_HEIGHT )
+                return 0;
+
+            uint8_t *p = &p_cdg->p_screen[index];
+
             if( doXor )
                 *p ^= p_color[idx];
             else
@@ -320,8 +326,8 @@ static int DecodeScroll( decoder_sys_t *p_cdg, const u
 
             if( b_copy )
             {
-                dy = ( dy + CDG_SCREEN_HEIGHT ) % CDG_SCREEN_HEIGHT;
-                dy = ( dy + CDG_SCREEN_WIDTH  ) % CDG_SCREEN_WIDTH;
+                dy %= CDG_SCREEN_HEIGHT;
+                dx %= CDG_SCREEN_WIDTH;
             }
             else
             {
Fix heap overflows in CDG decoder from brad (MAINTAINER) 2011-01-14 14:46:46 -05:00			$OpenBSD: patch-modules_codec_cdg_c,v 1.1 2011/01/14 19:46:46 jasper Exp $

			`Fix heap overflows`

			`From upstream git commit: d11fca8bf9dc058bcdf67d81c04f84f8905ad8b4`

			`--- modules/codec/cdg.c.orig Wed Jan 12 22:04:27 2011`
			`+++ modules/codec/cdg.c Wed Jan 12 22:06:35 2011`
			`@@ -255,7 +255,13 @@ static int DecodeTileBlock( decoder_sys_t *p_cdg, cons`
			`for( x = 0; x < 6; x++ )`
			`{`
			`const int idx = ( p_data[4+y] >> (5-x) ) & 0x01;`
			`- uint8_t p = &p_cdg->p_screen[(sy+y)CDG_SCREEN_PITCH+(sx+x)];`
			`+`
			`+ int index = (sy+y)*CDG_SCREEN_PITCH+(sx+x);`
			`+ if( index >= CDG_SCREEN_PITCH*CDG_SCREEN_HEIGHT )`
			`+ return 0;`
			`+`
			`+ uint8_t *p = &p_cdg->p_screen[index];`
			`+`
			`if( doXor )`
			`*p ^= p_color[idx];`
			`else`
			`@@ -320,8 +326,8 @@ static int DecodeScroll( decoder_sys_t *p_cdg, const u`

			`if( b_copy )`
			`{`
			`- dy = ( dy + CDG_SCREEN_HEIGHT ) % CDG_SCREEN_HEIGHT;`
			`- dy = ( dy + CDG_SCREEN_WIDTH ) % CDG_SCREEN_WIDTH;`
			`+ dy %= CDG_SCREEN_HEIGHT;`
			`+ dx %= CDG_SCREEN_WIDTH;`
			`}`
			`else`
			`{`