pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/multimedia -add a patch from upstream to fix CVE-2008-...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/4a6c2ef4c252
branches:  trunk
changeset: 553886:4a6c2ef4c252
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Mon Feb 02 19:20:48 2009 +0000

description:
-add a patch from upstream to fix CVE-2008-3162
 (stack-based buffer overflow in the str_read_packet function in
   libavformat/psxstr.c)
-add (a modified version of) the ffmpeg 4xm patch which fixes
 possible memory corruption
bump PKGREVISION

diffstat:

 multimedia/mplayer-share/distinfo         |   4 +-
 multimedia/mplayer-share/patches/patch-ap |  54 +++++++++++++++++++++++++++++++
 multimedia/mplayer-share/patches/patch-aq |  20 +++++++++++
 multimedia/mplayer/Makefile               |   4 +-
 4 files changed, 79 insertions(+), 3 deletions(-)

diffs (113 lines):

diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer-share/distinfo
--- a/multimedia/mplayer-share/distinfo Mon Feb 02 17:10:21 2009 +0000
+++ b/multimedia/mplayer-share/distinfo Mon Feb 02 19:20:48 2009 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2008/12/20 00:43:47 jmcneill Exp $
+$NetBSD: distinfo,v 1.59 2009/02/02 19:20:48 drochner Exp $
 
 SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
 RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
@@ -18,6 +18,8 @@
 SHA1 (patch-am) = bae1e03f7265cb6b07947f052f0774d1c17da88e
 SHA1 (patch-an) = a967a47b0d0846fe89f91f9d3faa6055975a5a73
 SHA1 (patch-ao) = ddd85a9bfda237ea923faf0c3677b5e14cff4e0d
+SHA1 (patch-ap) = 83777bac06190f71078435721ad2f7055689f64f
+SHA1 (patch-aq) = 8d77f3fbe5796707f591e0890b54b9f34f649709
 SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
 SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
 SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer-share/patches/patch-ap
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-ap Mon Feb 02 19:20:48 2009 +0000
@@ -0,0 +1,54 @@
+$NetBSD: patch-ap,v 1.1 2009/02/02 19:20:49 drochner Exp $
+
+--- libavformat/psxstr.c.orig  2007-10-07 21:49:38.000000000 +0200
++++ libavformat/psxstr.c
+@@ -276,12 +276,23 @@ static int str_read_packet(AVFormatConte
+                 int current_sector = AV_RL16(&sector[0x1C]);
+                 int sector_count   = AV_RL16(&sector[0x1E]);
+                 int frame_size = AV_RL32(&sector[0x24]);
+-                int bytes_to_copy;
++
++                if(!(   frame_size>=0
++                     && current_sector < sector_count
++                     && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){
++                    av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size);
++                    return AVERROR_INVALIDDATA;
++                }
++
+ //        printf("%d %d %d\n",current_sector,sector_count,frame_size);
+                 /* if this is the first sector of the frame, allocate a pkt */
+                 pkt = &str->tmp_pkt;
+-                if (current_sector == 0) {
+-                    if (av_new_packet(pkt, frame_size))
++
++                if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){
++                    if(pkt->data)
++                        av_log(s, AV_LOG_ERROR, "missmatching sector_count\n");
++                    av_free_packet(pkt);
++                    if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE))
+                         return AVERROR(EIO);
+ 
+                     pkt->pos= url_ftell(pb) - RAW_CD_SECTOR_SIZE;
+@@ -295,15 +306,15 @@ static int str_read_packet(AVFormatConte
+                        str->pts += (90000 / 15);
+                 }
+ 
+-                /* load all the constituent chunks in the video packet */
+-                bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE;
+-                if (bytes_to_copy>0) {
+-                    if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE;
+-                    memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
+-                        sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy);
+-                }
++                memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
++                       sector + VIDEO_DATA_HEADER_SIZE,
++                       VIDEO_DATA_CHUNK_SIZE);
++
+                 if (current_sector == sector_count-1) {
++                    pkt->size= frame_size;
+                     *ret_pkt = *pkt;
++                    pkt->data= NULL;
++                    pkt->size= -1;
+                     return 0;
+                 }
+ 
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer-share/patches/patch-aq
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/mplayer-share/patches/patch-aq Mon Feb 02 19:20:48 2009 +0000
@@ -0,0 +1,20 @@
+$NetBSD: patch-aq,v 1.1 2009/02/02 19:20:49 drochner Exp $
+
+--- libavformat/4xm.c.orig     2009-01-29 13:36:59.000000000 +0100
++++ libavformat/4xm.c
+@@ -163,10 +163,13 @@ static int fourxm_read_header(AVFormatCo
+                 return AVERROR_INVALIDDATA;
+             }
+             current_track = AV_RL32(&header[i + 8]);
++          if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
++              av_log(s, AV_LOG_ERROR, "current_track too large\n");
++              av_free(header);
++              return AVERROR_INVALIDDATA;
++          }
+             if (current_track + 1 > fourxm->track_count) {
+                 fourxm->track_count = current_track + 1;
+-                if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+-                    return -1;
+                 fourxm->tracks = av_realloc(fourxm->tracks,
+                     fourxm->track_count * sizeof(AudioTrack));
+                 if (!fourxm->tracks) {
diff -r 915a194de902 -r 4a6c2ef4c252 multimedia/mplayer/Makefile
--- a/multimedia/mplayer/Makefile       Mon Feb 02 17:10:21 2009 +0000
+++ b/multimedia/mplayer/Makefile       Mon Feb 02 19:20:48 2009 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2008/12/20 00:44:46 jmcneill Exp $
+# $NetBSD: Makefile,v 1.66 2009/02/02 19:20:48 drochner Exp $
 
 PKGNAME=       mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION=   12
+PKGREVISION=   13
 
 COMMENT=       Software-only MPEG-1/2/4 video decoder
 



Home | Main Index | Thread Index | Old Index