security update, fix buffer overflow CVE-2010-3275, CVE-2010-3276, from Brad

2011-03-25 01:07:00 +00:00 · 2011-03-25 01:07:00 +00:00 · 592f947173
commit 592f947173
parent 9bf4877c1b
2 changed files with 17 additions and 2 deletions
--- a/x11/vlc/Makefile
+++ b/x11/vlc/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.116 2011/03/12 21:19:13 jakemsr Exp $
+# $OpenBSD: Makefile,v 1.117 2011/03/25 01:07:00 sthen Exp $

 SHARED_ONLY=	Yes

@ -7,7 +7,7 @@ COMMENT-main=	VideoLAN client; multimedia player
 V=		1.0.6
 DISTNAME=	vlc-${V}
 PKGNAME-main=	${DISTNAME}
-REVISION-main=	17
+REVISION-main=	18
 REVISION-jack=	3
 REVISION-web=	5
 CATEGORIES=	x11
--- a/x11/vlc/patches/patch-src_video_output_video_output_c
+++ b/x11/vlc/patches/patch-src_video_output_video_output_c
@ -0,0 +1,15 @@
+$OpenBSD: patch-src_video_output_video_output_c,v 1.1 2011/03/25 01:07:00 sthen Exp $
+
+Consider too large width/height as invalid. CVE-2010-3275, CVE-2010-3276
+
+--- src/video_output/video_output.c.orig	Thu Mar 24 19:05:48 2011
+++ src/video_output/video_output.c	Thu Mar 24 19:06:23 2011
+@@ -310,7 +310,7 @@ vout_thread_t * __vout_Create( vlc_object_t *p_parent,
+     char *psz_parser;
+     char *psz_name;
+ 
+-    if( i_width <= 0 || i_height <= 0 || i_aspect <= 0 )
+    if( i_width <= 0 || i_height <= 0 || i_aspect <= 0 || i_width > 8192 || i_height > 8192 )
+         return NULL;
+ 
+     vlc_ureduce( &p_fmt->i_sar_num, &p_fmt->i_sar_den,