cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

SECURITY: fix a remote code execution vulnerability issue with the

Browse Source 
Mastroska container support (VideoLAN-SA-1102).

from Brad (maintainer)
ok sthen@
This commit is contained in:
ajacoutot 2011-02-02 09:34:23 +00:00
parent 063d8730bb
commit 77403fc962
4 changed files with 47 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
x11/vlc/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.114 2011/01/22 09:10:22 ajacoutot Exp $ # $OpenBSD: Makefile,v 1.115 2011/02/02 09:34:23 ajacoutot Exp $
SHARED_ONLY= Yes SHARED_ONLY= Yes
@ -7,7 +7,7 @@ COMMENT-main= VideoLAN client; multimedia player
V= 1.0.6 V= 1.0.6
DISTNAME= vlc-${V} DISTNAME= vlc-${V}
PKGNAME-main= ${DISTNAME} PKGNAME-main= ${DISTNAME}
REVISION-main= 15 REVISION-main= 16
REVISION-jack= 3 REVISION-jack= 3
REVISION-web= 5 REVISION-web= 5
CATEGORIES= x11 CATEGORIES= x11

15
x11/vlc/patches/patch-modules_demux_mkv_demux_cpp Normal file
View File

@ -0,0 +1,15 @@
$OpenBSD: patch-modules_demux_mkv_demux_cpp,v 1.1 2011/02/02 09:34:23 ajacoutot Exp $
Insufficient input validation in MKV demuxer (VideoLAN-SA-1102).
--- modules/demux/mkv/demux.cpp.orig Tue Feb 1 20:03:12 2011
+++ modules/demux/mkv/demux.cpp Tue Feb 1 20:03:46 2011
@@ -94,7 +94,7 @@ matroska_stream_c *demux_sys_t::AnalyseAllSegmentsFoun
while (p_l0 != 0)
{
- if (EbmlId(*p_l0) == KaxSegment::ClassInfos.GlobalId)
+ if ( MKV_IS_ID( p_l0, KaxSegment) )
{
EbmlParser *ep;
matroska_segment_c *p_segment1 = new matroska_segment_c( *this, *p_estream );

15
x11/vlc/patches/patch-modules_demux_mkv_matroska_segment_parse_cpp Normal file
View File

@ -0,0 +1,15 @@
$OpenBSD: patch-modules_demux_mkv_matroska_segment_parse_cpp,v 1.1 2011/02/02 09:34:23 ajacoutot Exp $
Insufficient input validation in MKV demuxer (VideoLAN-SA-1102).
--- modules/demux/mkv/matroska_segment_parse.cpp.orig Tue Feb 1 20:03:56 2011
+++ modules/demux/mkv/matroska_segment_parse.cpp Tue Feb 1 20:04:53 2011
@@ -538,7 +538,7 @@ void matroska_segment_c::ParseTrackEntry( KaxTrackEntr
tk->f_fps = float( vfps );
msg_Dbg( &sys.demuxer, " | | | + fps=%f", float( vfps ) );
}
- else if( EbmlId( *l ) == KaxVideoDisplayUnit::ClassInfos.GlobalId )
+ else if( MKV_IS_ID( l, KaxVideoDisplayUnit ) )
{
KaxVideoDisplayUnit &vdmode = *(KaxVideoDisplayUnit*)l;

15
x11/vlc/patches/patch-modules_demux_mkv_mkv_hpp Normal file
View File

@ -0,0 +1,15 @@
$OpenBSD: patch-modules_demux_mkv_mkv_hpp,v 1.1 2011/02/02 09:34:23 ajacoutot Exp $
Insufficient input validation in MKV demuxer (VideoLAN-SA-1102).
--- modules/demux/mkv/mkv.hpp.orig Tue Feb 1 20:02:28 2011
+++ modules/demux/mkv/mkv.hpp Tue Feb 1 20:02:54 2011
@@ -130,7 +130,7 @@ extern "C" {
#endif
-#define MKV_IS_ID( el, C ) ( EbmlId( (*el) ) == C::ClassInfos.GlobalId )
+#define MKV_IS_ID( el, C ) ( el != NULL && typeid( *el ) == typeid( C ) )
using namespace LIBMATROSKA_NAMESPACE;