- roll in a SECURITY FIX for SA33650,
which could lead to heap based overflows and memory corruption. patch taken from upstream git. ok ajacoutot@
This commit is contained in:
parent
a165a5753e
commit
e9e14f1519
@ -1,4 +1,4 @@
|
||||
# $OpenBSD: Makefile,v 1.28 2009/01/25 18:55:31 ajacoutot Exp $
|
||||
# $OpenBSD: Makefile,v 1.29 2009/01/26 12:32:43 jasper Exp $
|
||||
|
||||
COMMENT-main = multimedia framework - good plugins
|
||||
COMMENT-aalib = multimedia framework - aalib plugin
|
||||
@ -18,7 +18,7 @@ COMMENT-soup = multimedia framework - libsoup plugin
|
||||
|
||||
V = 0.10.8
|
||||
DISTNAME = gst-plugins-good-$V
|
||||
PKGNAME-main = gstreamer-plugins-good-$Vp7
|
||||
PKGNAME-main = gstreamer-plugins-good-$Vp8
|
||||
PKGNAME-aalib = gstreamer-aalib-$Vp0
|
||||
PKGNAME-cairo = gstreamer-cairo-$Vp1
|
||||
PKGNAME-gconf = gstreamer-confelements-$Vp1
|
||||
|
@ -0,0 +1,44 @@
|
||||
$OpenBSD: patch-gst_qtdemux_qtdemux_c,v 1.1 2009/01/26 12:32:43 jasper Exp $
|
||||
|
||||
Security fix for SA33650, which could lead to heap based overflows and memory corruption.
|
||||
http://secunia.com/advisories/33650/
|
||||
|
||||
Patch taken from upstream git:
|
||||
http://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bdc20b9baf13564d9a061343416395f8f9a92b53
|
||||
|
||||
--- gst/qtdemux/qtdemux.c.orig Mon Jan 26 13:04:23 2009
|
||||
+++ gst/qtdemux/qtdemux.c Mon Jan 26 13:06:26 2009
|
||||
@@ -2842,13 +2842,13 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxSt
|
||||
stream->min_duration = 0;
|
||||
time = 0;
|
||||
index = 0;
|
||||
- for (i = 0; i < n_sample_times; i++) {
|
||||
+ for (i = 0; (i < n_sample_times) && (index < stream->n_samples); i++) {
|
||||
guint32 n;
|
||||
guint32 duration;
|
||||
|
||||
n = QT_UINT32 ((guint8 *) stts->data + 16 + 8 * i);
|
||||
duration = QT_UINT32 ((guint8 *) stts->data + 16 + 8 * i + 4);
|
||||
- for (j = 0; j < n; j++) {
|
||||
+ for (j = 0; (j < n) && (index < stream->n_samples); j++) {
|
||||
GST_DEBUG_OBJECT (qtdemux, "sample %d: timestamp %" GST_TIME_FORMAT,
|
||||
index, GST_TIME_ARGS (timestamp));
|
||||
|
||||
@@ -2876,7 +2876,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxSt
|
||||
for (i = 0; i < n_sample_syncs; i++) {
|
||||
/* note that the first sample is index 1, not 0 */
|
||||
index = QT_UINT32 ((guint8 *) stss->data + offset);
|
||||
- if (index > 0) {
|
||||
+ if (index > 0 && index <= stream->n_samples) {
|
||||
samples[index - 1].keyframe = TRUE;
|
||||
offset += 4;
|
||||
}
|
||||
@@ -2975,7 +2975,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxSt
|
||||
for (i = 0, j = 0; (j < stream->n_samples) && (i < n_entries); i++) {
|
||||
count = QT_UINT32 (ctts_data + 16 + i * 8);
|
||||
soffset = QT_UINT32 (ctts_data + 20 + i * 8);
|
||||
- for (k = 0; k < count; k++, j++) {
|
||||
+ for (k = 0; (k < count) && (j < stream->n_samples); k++, j++) {
|
||||
/* we operate with very small soffset values here, it shouldn't overflow */
|
||||
samples[j].pts_offset = soffset * GST_SECOND / stream->timescale;
|
||||
}
|
Loading…
Reference in New Issue
Block a user