pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia -add a patch from upstream to fix CVE-2008-...
details: https://anonhg.NetBSD.org/pkgsrc/rev/4a6c2ef4c252
branches: trunk
changeset: 553886:4a6c2ef4c252
user: drochner <drochner%pkgsrc.org@localhost>
date: Mon Feb 02 19:20:48 2009 +0000
description:
-add a patch from upstream to fix CVE-2008-3162
(stack-based buffer overflow in the str_read_packet function in
libavformat/psxstr.c)
-add (a modified version of) the ffmpeg 4xm patch which fixes
possible memory corruption
bump PKGREVISION
diffstat:
multimedia/mplayer-share/distinfo | 4 +-
multimedia/mplayer-share/patches/patch-ap | 54 +++++++++++++++++++++++++++++++
multimedia/mplayer-share/patches/patch-aq | 20 +++++++++++
multimedia/mplayer/Makefile | 4 +-
4 files changed, 79 insertions(+), 3 deletions(-)
diffs (113 lines):
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Mon Feb 02 17:10:21 2009 +0000
+++ b/multimedia/mplayer-share/distinfo Mon Feb 02 19:20:48 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2008/12/20 00:43:47 jmcneill Exp $
+$NetBSD: distinfo,v 1.59 2009/02/02 19:20:48 drochner Exp $
SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
@@ -18,6 +18,8 @@
SHA1 (patch-am) = bae1e03f7265cb6b07947f052f0774d1c17da88e
SHA1 (patch-an) = a967a47b0d0846fe89f91f9d3faa6055975a5a73
SHA1 (patch-ao) = ddd85a9bfda237ea923faf0c3677b5e14cff4e0d
+SHA1 (patch-ap) = 83777bac06190f71078435721ad2f7055689f64f
+SHA1 (patch-aq) = 8d77f3fbe5796707f591e0890b54b9f34f649709
SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer-share/patches/patch-ap
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ap Mon Feb 02 19:20:48 2009 +0000
@@ -0,0 +1,54 @@
+$NetBSD: patch-ap,v 1.1 2009/02/02 19:20:49 drochner Exp $
+
+--- libavformat/psxstr.c.orig 2007-10-07 21:49:38.000000000 +0200
++++ libavformat/psxstr.c
+@@ -276,12 +276,23 @@ static int str_read_packet(AVFormatConte
+ int current_sector = AV_RL16(§or[0x1C]);
+ int sector_count = AV_RL16(§or[0x1E]);
+ int frame_size = AV_RL32(§or[0x24]);
+- int bytes_to_copy;
++
++ if(!( frame_size>=0
++ && current_sector < sector_count
++ && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){
++ av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size);
++ return AVERROR_INVALIDDATA;
++ }
++
+ // printf("%d %d %d\n",current_sector,sector_count,frame_size);
+ /* if this is the first sector of the frame, allocate a pkt */
+ pkt = &str->tmp_pkt;
+- if (current_sector == 0) {
+- if (av_new_packet(pkt, frame_size))
++
++ if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){
++ if(pkt->data)
++ av_log(s, AV_LOG_ERROR, "missmatching sector_count\n");
++ av_free_packet(pkt);
++ if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE))
+ return AVERROR(EIO);
+
+ pkt->pos= url_ftell(pb) - RAW_CD_SECTOR_SIZE;
+@@ -295,15 +306,15 @@ static int str_read_packet(AVFormatConte
+ str->pts += (90000 / 15);
+ }
+
+- /* load all the constituent chunks in the video packet */
+- bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE;
+- if (bytes_to_copy>0) {
+- if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE;
+- memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
+- sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy);
+- }
++ memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
++ sector + VIDEO_DATA_HEADER_SIZE,
++ VIDEO_DATA_CHUNK_SIZE);
++
+ if (current_sector == sector_count-1) {
++ pkt->size= frame_size;
+ *ret_pkt = *pkt;
++ pkt->data= NULL;
++ pkt->size= -1;
+ return 0;
+ }
+
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer-share/patches/patch-aq
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-aq Mon Feb 02 19:20:48 2009 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-aq,v 1.1 2009/02/02 19:20:49 drochner Exp $
+
+--- libavformat/4xm.c.orig 2009-01-29 13:36:59.000000000 +0100
++++ libavformat/4xm.c
+@@ -163,10 +163,13 @@ static int fourxm_read_header(AVFormatCo
+ return AVERROR_INVALIDDATA;
+ }
+ current_track = AV_RL32(&header[i + 8]);
++ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
++ av_log(s, AV_LOG_ERROR, "current_track too large\n");
++ av_free(header);
++ return AVERROR_INVALIDDATA;
++ }
+ if (current_track + 1 > fourxm->track_count) {
+ fourxm->track_count = current_track + 1;
+- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+- return -1;
+ fourxm->tracks = av_realloc(fourxm->tracks,
+ fourxm->track_count * sizeof(AudioTrack));
+ if (!fourxm->tracks) {
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile Mon Feb 02 17:10:21 2009 +0000
+++ b/multimedia/mplayer/Makefile Mon Feb 02 19:20:48 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2008/12/20 00:44:46 jmcneill Exp $
+# $NetBSD: Makefile,v 1.66 2009/02/02 19:20:48 drochner Exp $
PKGNAME= mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 12
+PKGREVISION= 13
COMMENT= Software-only MPEG-1/2/4 video decoder
Home |
Main Index |
Thread Index |
Old Index