- Fix heap overflow in DMO loader. (CVE-2007-1246)

- regen patches while here pulled from MPlayer SVN by Brad <brad@comstyle.com>
2007-04-13 23:13:21 +00:00 · 2007-04-13 23:13:21 +00:00 · 88d299f7f1
commit 88d299f7f1
parent 5099324475
11 changed files with 51 additions and 40 deletions
--- a/x11/mplayer/Makefile
+++ b/x11/mplayer/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.115 2007/04/08 17:33:39 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.116 2007/04/13 23:13:21 robert Exp $

 # May not be hard to add more.
 ONLY_FOR_ARCHS=		amd64 i386 powerpc sparc64 arm
@ -7,7 +7,7 @@ COMMENT=		"Movie player supporting MPEG, DivX, AVI, ASF, MOV & more"

 DISTNAME=		MPlayer-1.0pre8
 DIST_SUBDIR=		mplayer
-PKGNAME=		${DISTNAME:L}p10
+PKGNAME=		${DISTNAME:L}p11
 CATEGORIES=		x11
 EXTRACT_SUFX=		.tar.bz2

--- a/x11/mplayer/patches/patch-Makefile
+++ b/x11/mplayer/patches/patch-Makefile
@ -1,7 +1,7 @@
-$OpenBSD: patch-Makefile,v 1.13 2007/04/08 17:33:39 ajacoutot Exp $
--- Makefile.orig	Sun Apr  8 10:17:01 2007
-+++ Makefile	Sun Apr  8 10:17:01 2007
-@@ -429,7 +429,7 @@ LIBS_MENCODER = libmpcodecs/libmpencoders.a \
+$OpenBSD: patch-Makefile,v 1.14 2007/04/13 23:13:21 robert Exp $
+--- Makefile.orig	Sat Apr 14 00:35:28 2007
+++ Makefile	Sat Apr 14 00:35:28 2007
+@@ -429,7 +429,7 @@ LIBS_MENCODER = libmpcodecs/libmpencoder
                 $(LIBC_LIB) \
 
 $(PRG_MENCODER): $(MENCODER_DEP)
--- a/x11/mplayer/patches/patch-TOOLS_subfont-c_subfont_c
+++ b/x11/mplayer/patches/patch-TOOLS_subfont-c_subfont_c
@ -1,7 +1,7 @@
-$OpenBSD: patch-TOOLS_subfont-c_subfont_c,v 1.5 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-TOOLS_subfont-c_subfont_c,v 1.6 2007/04/13 23:13:21 robert Exp $
 --- TOOLS/subfont-c/subfont.c.orig	Sun Jun 11 20:35:45 2006
-+++ TOOLS/subfont-c/subfont.c	Sun Apr  8 10:17:01 2007
-@@ -831,6 +831,18 @@ unsigned gmatrix(unsigned *m, int r, int w, double con
+++ TOOLS/subfont-c/subfont.c	Sat Apr 14 00:35:28 2007
+@@ -831,6 +831,18 @@ unsigned gmatrix(unsigned *m, int r, int
 }
 
 
--- a/x11/mplayer/patches/patch-libavcodec_bitstream_h
+++ b/x11/mplayer/patches/patch-libavcodec_bitstream_h
@ -1,7 +1,7 @@
-$OpenBSD: patch-libavcodec_bitstream_h,v 1.3 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-libavcodec_bitstream_h,v 1.4 2007/04/13 23:13:21 robert Exp $
 --- libavcodec/bitstream.h.orig	Sun Jun 11 20:35:48 2006
-+++ libavcodec/bitstream.h	Sun Apr  8 10:17:01 2007
-@@ -374,7 +374,7 @@ for examples see get_bits, show_bits, skip_bits, get_v
+++ libavcodec/bitstream.h	Sat Apr 14 00:35:28 2007
+@@ -374,7 +374,7 @@ for examples see get_bits, show_bits, sk
 
 static inline int unaligned32_be(const void *v)
 {
--- a/x11/mplayer/patches/patch-libmpcodecs_ve_x264_c
+++ b/x11/mplayer/patches/patch-libmpcodecs_ve_x264_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-libmpcodecs_ve_x264_c,v 1.1 2007/04/08 17:33:39 ajacoutot Exp $
--- libmpcodecs/ve_x264.c.orig	Sun Apr  8 10:17:32 2007
-+++ libmpcodecs/ve_x264.c	Sun Apr  8 10:13:03 2007
+$OpenBSD: patch-libmpcodecs_ve_x264_c,v 1.2 2007/04/13 23:13:21 robert Exp $
+--- libmpcodecs/ve_x264.c.orig	Sun Jun 11 20:35:41 2006
+++ libmpcodecs/ve_x264.c	Sat Apr 14 00:35:28 2007
@@ -208,7 +208,7 @@ m_option_t x264encopts_conf[] = {
 };
 
@ -10,7 +10,7 @@ $OpenBSD: patch-libmpcodecs_ve_x264_c,v 1.1 2007/04/08 17:33:39 ajacoutot Exp $
     int i;
     if (!str) return 0;
     for (i = 0; i < length; i++) {
-@@ -247,8 +247,11 @@ static int config(struct vf_instance_s* vf, int width,
+@@ -247,8 +247,11 @@ static int config(struct vf_instance_s* 
     mod->param.i_deblocking_filter_beta = deblockbeta;
     mod->param.b_cabac = cabac;
 
@ -23,7 +23,7 @@ $OpenBSD: patch-libmpcodecs_ve_x264_c,v 1.1 2007/04/08 17:33:39 ajacoutot Exp $
     if(qp_min > qp_constant)
         qp_min = qp_constant;
     if(qp_max < qp_constant)
-@@ -275,7 +278,7 @@ static int config(struct vf_instance_s* vf, int width,
+@@ -275,7 +278,7 @@ static int config(struct vf_instance_s* 
                    "VBV requires both vbv_maxrate and vbv_bufsize.\n");
             return 0;
         }
--- a/x11/mplayer/patches/patch-libmpdemux_realrtsp_asmrp_c
+++ b/x11/mplayer/patches/patch-libmpdemux_realrtsp_asmrp_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-libmpdemux_realrtsp_asmrp_c,v 1.2 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-libmpdemux_realrtsp_asmrp_c,v 1.3 2007/04/13 23:13:21 robert Exp $
 --- libmpdemux/realrtsp/asmrp.c.orig	Sun Jun 11 20:35:46 2006
-+++ libmpdemux/realrtsp/asmrp.c	Sun Apr  8 10:17:01 2007
+++ libmpdemux/realrtsp/asmrp.c	Sat Apr 14 00:35:28 2007
@@ -40,6 +40,7 @@
 #include <stdlib.h>
 #include <stdio.h>
@ -9,7 +9,7 @@ $OpenBSD: patch-libmpdemux_realrtsp_asmrp_c,v 1.2 2007/04/08 17:33:39 ajacoutot
 
 /*
 #define LOG
-@@ -645,8 +646,10 @@ static int asmrp_eval (asmrp_t *p, int *matches) {
+@@ -645,8 +646,10 @@ static int asmrp_eval (asmrp_t *p, int *
 #ifdef LOG
       printf ("rule #%d is true\n", rule_num);
 #endif
--- a/x11/mplayer/patches/patch-libmpdemux_realrtsp_real_c
+++ b/x11/mplayer/patches/patch-libmpdemux_realrtsp_real_c
@ -1,7 +1,7 @@
-$OpenBSD: patch-libmpdemux_realrtsp_real_c,v 1.3 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-libmpdemux_realrtsp_real_c,v 1.4 2007/04/13 23:13:21 robert Exp $
 --- libmpdemux/realrtsp/real.c.orig	Sun Jun 11 20:35:46 2006
-+++ libmpdemux/realrtsp/real.c	Sun Apr  8 10:17:01 2007
-@@ -528,7 +528,7 @@ rmff_header_t *real_parse_sdp(char *data, char **strea
+++ libmpdemux/realrtsp/real.c	Sat Apr 14 00:35:28 2007
+@@ -528,7 +528,7 @@ rmff_header_t *real_parse_sdp(char *data
     int j=0;
     int n;
     char b[64];
--- a/x11/mplayer/patches/patch-libmpdemux_tvi_bsdbt848_c
+++ b/x11/mplayer/patches/patch-libmpdemux_tvi_bsdbt848_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.4 2007/04/13 23:13:21 robert Exp $
 --- libmpdemux/tvi_bsdbt848.c.orig	Sun Jun 11 20:35:46 2006
-+++ libmpdemux/tvi_bsdbt848.c	Sun Apr  8 10:17:02 2007
+++ libmpdemux/tvi_bsdbt848.c	Sat Apr 14 00:35:28 2007
@@ -40,9 +40,12 @@
 #include <string.h>
 
@ -78,7 +78,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
 
 static void processframe(int signal)
 {
-@@ -212,6 +242,19 @@ static int control(priv_t *priv, int cmd, void *arg)
+@@ -212,6 +242,19 @@ static int control(priv_t *priv, int cmd
         return(TVI_CONTROL_TRUE);        
         }
 
@ -98,7 +98,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
     case TVI_CONTROL_TUN_GET_TUNER:
     case TVI_CONTROL_TUN_SET_TUNER:
 
-@@ -219,23 +262,24 @@ static int control(priv_t *priv, int cmd, void *arg)
+@@ -219,23 +262,24 @@ static int control(priv_t *priv, int cmd
 
     case TVI_CONTROL_SPC_GET_INPUT:
         {
@ -127,7 +127,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
             return(0);
             }
 
-@@ -261,8 +305,15 @@ static int control(priv_t *priv, int cmd, void *arg)
+@@ -261,8 +305,15 @@ static int control(priv_t *priv, int cmd
     case TVI_CONTROL_AUD_SET_SAMPLERATE:
         {
         int dspspeed = (int)*(void **)arg;
@ -206,7 +206,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
 priv->dspbytesread = 0;
 priv->dsprate = priv->dspspeed * priv->dspsamplesize/8*(priv->dspstereo+1);
 priv->dspframesize = priv->dspspeed*priv->dspsamplesize/8/priv->fps * 
-@@ -597,6 +673,31 @@ if((priv->dspfd = open (priv->dspdev, O_RDONLY, 0)) < 
+@@ -597,6 +673,31 @@ if((priv->dspfd = open (priv->dspdev, O_
 
 marg = (256 << 16) | 12;
 
@ -263,7 +263,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
 
 if(priv->videoready == FALSE) return(0);
 
-@@ -680,6 +785,15 @@ if(ioctl(priv->btfd, METEORCAPTUR, &marg) < 0 ) 
+@@ -680,6 +785,15 @@ if(ioctl(priv->btfd, METEORCAPTUR, &marg
 close(priv->btfd);
 close(priv->dspfd);
 
@ -279,7 +279,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
 priv->dspfd = -1;
 priv->btfd = -1;
 
-@@ -802,13 +916,13 @@ return(priv->dspbytesread * 1.0 / priv->dsprate);
+@@ -802,13 +916,13 @@ return(priv->dspbytesread * 1.0 / priv->
 static int get_audio_framesize(priv_t *priv)
 {
 int bytesavail;
@ -295,7 +295,7 @@ $OpenBSD: patch-libmpdemux_tvi_bsdbt848_c,v 1.3 2007/04/08 17:33:39 ajacoutot Ex
 if(ioctl(priv->dspfd, AUDIO_GETINFO, &auinf) < 0) 
     {
     perror("AUDIO_GETINFO");
-@@ -827,24 +941,28 @@ if(ioctl(priv->dspfd, FIONREAD, &bytesavail) < 0) 
+@@ -827,24 +941,28 @@ if(ioctl(priv->dspfd, FIONREAD, &bytesav
 /* When mencoder wants audio data, it wants data..
    it won't go do anything else until it gets it :( */
 
--- a/x11/mplayer/patches/patch-loader_dmo_DMO_VideoDecoder_c
+++ b/x11/mplayer/patches/patch-loader_dmo_DMO_VideoDecoder_c
@ -0,0 +1,11 @@
+$OpenBSD: patch-loader_dmo_DMO_VideoDecoder_c,v 1.1 2007/04/13 23:13:21 robert Exp $
+--- loader/dmo/DMO_VideoDecoder.c.orig	Sat Apr 14 00:36:45 2007
+++ loader/dmo/DMO_VideoDecoder.c	Sat Apr 14 01:10:30 2007
+@@ -121,6 +121,7 @@ DMO_VideoDecoder * DMO_VideoDecoder_Open
+      
+         this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
+         memcpy(this->iv.m_bh, format, bihs);
+        this->iv.m_bh->biSize = bihs;
+ 
+         this->iv.m_State = STOP;
+         //this->iv.m_pFrame = 0;
--- a/x11/mplayer/patches/patch-mp3lib_layer2_c
+++ b/x11/mplayer/patches/patch-mp3lib_layer2_c
@ -1,7 +1,7 @@
-$OpenBSD: patch-mp3lib_layer2_c,v 1.3 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-mp3lib_layer2_c,v 1.4 2007/04/13 23:13:21 robert Exp $
 --- mp3lib/layer2.c.orig	Sun Jun 11 20:35:43 2006
-+++ mp3lib/layer2.c	Sun Apr  8 10:17:02 2007
-@@ -294,6 +294,11 @@ static int do_layer2(struct frame *fr,int outmode)
+++ mp3lib/layer2.c	Sat Apr 14 00:35:29 2007
+@@ -294,6 +294,11 @@ static int do_layer2(struct frame *fr,in
   fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
      (fr->mode_ext<<2)+4 : fr->II_sblimit;
 
--- a/x11/mplayer/patches/patch-mplayer_c
+++ b/x11/mplayer/patches/patch-mplayer_c
@ -1,6 +1,6 @@
-$OpenBSD: patch-mplayer_c,v 1.5 2007/04/08 17:33:39 ajacoutot Exp $
+$OpenBSD: patch-mplayer_c,v 1.6 2007/04/13 23:13:21 robert Exp $
 --- mplayer.c.orig	Sun Jun 11 20:35:47 2006
-+++ mplayer.c	Sun Apr  8 10:17:02 2007
+++ mplayer.c	Sat Apr 14 00:35:29 2007
@@ -614,7 +614,7 @@ static void exit_sighandler(int x){
         gdb_pid = fork();
         mp_msg(MSGT_CPLAYER, MSGL_INFO, "Forked...\n");
@ -10,7 +10,7 @@ $OpenBSD: patch-mplayer_c,v 1.5 2007/04/08 17:33:39 ajacoutot Exp $
             mp_msg(MSGT_CPLAYER, MSGL_ERR, "Couldn't start gdb\n");
         } else if (gdb_pid < 0) 
           mp_msg(MSGT_CPLAYER, MSGL_ERR, "Couldn't fork\n");
-@@ -4527,7 +4527,7 @@ if (stream->type==STREAMTYPE_DVDNAV && dvd_nav_still)
+@@ -4527,7 +4527,7 @@ if (stream->type==STREAMTYPE_DVDNAV && d
 	{
 #ifdef USE_SUB
 	if (sh_video) {
@ -19,7 +19,7 @@ $OpenBSD: patch-mplayer_c,v 1.5 2007/04/08 17:33:39 ajacoutot Exp $
 	}
 #endif
 	} break;
-@@ -4548,11 +4548,11 @@ if (stream->type==STREAMTYPE_DVDNAV && dvd_nav_still)
+@@ -4548,11 +4548,11 @@ if (stream->type==STREAMTYPE_DVDNAV && d
 
 	case MP_CMD_GET_VO_FULLSCREEN : {
 	if(video_out && vo_config_count)
@ -33,7 +33,7 @@ $OpenBSD: patch-mplayer_c,v 1.5 2007/04/08 17:33:39 ajacoutot Exp $
     } break;
     case MP_CMD_GET_TIME_POS : {
       float pos = 0;
-@@ -4570,7 +4570,7 @@ if (stream->type==STREAMTYPE_DVDNAV && dvd_nav_still)
+@@ -4570,7 +4570,7 @@ if (stream->type==STREAMTYPE_DVDNAV && d
     case MP_CMD_RUN : {
 #ifndef __MINGW32__
         if(!fork()) {