Fix for CVE-2016-4352, from upstream

ok aja@
2016-07-05 06:59:29 +00:00 · 2016-07-05 06:59:29 +00:00 · 139ba6b71a
commit 139ba6b71a
parent 634cc89650
2 changed files with 27 additions and 2 deletions
--- a/x11/mplayer/Makefile
+++ b/x11/mplayer/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.263 2016/05/03 06:06:26 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.264 2016/07/05 06:59:29 jasper Exp $

 # May not be hard to add more.
 ONLY_FOR_ARCHS=	${GCC4_ARCHS}
@ -8,7 +8,7 @@ COMMENT=	movie player supporting many formats
 V=		20160306
 FFMPEG_V=	20160502
 DISTNAME=	mplayer-${V}
-REVISION=	1
+REVISION=	2
 CATEGORIES=	x11 multimedia
 MASTER_SITES=	http://comstyle.com/source/
 EXTRACT_SUFX=	.tar.xz
--- a/x11/mplayer/patches/patch-libmpdemux_demux_gif_c
+++ b/x11/mplayer/patches/patch-libmpdemux_demux_gif_c
@ -0,0 +1,25 @@
+$OpenBSD: patch-libmpdemux_demux_gif_c,v 1.1 2016/07/05 06:59:29 jasper Exp $
+
+CVE-2016-4352
+https://trac.mplayerhq.hu/ticket/2295
+
+--- libmpdemux/demux_gif.c.orig	Mon Mar  7 02:23:27 2016
+++ libmpdemux/demux_gif.c	Mon Jul  4 09:29:41 2016
+@@ -304,6 +304,17 @@ static demuxer_t* demux_open_gif(demuxer_t* demuxer)
+     return NULL;
+   }
+ 
+  // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
+  if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
+    mp_msg(MSGT_DEMUX, MSGL_ERR,
+           "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
+           gif->SHeight);
+    if (DGifCloseFile(gif) == GIF_ERROR)
+      print_gif_error(NULL);
+    free(priv);
+    return NULL;
+  }
+
+   // create a new video stream header
+   sh_video = new_sh_video(demuxer, 0);
+