[Pkg-chromium-commit] chromium-browser/chromium-browser.sid: 684 High Crash due to bad indexing with malformed video. Credit to miaubiz.
Giuseppe Iuculano
iuculano at debian.org
Tue Dec 7 09:08:52 UTC 2010
Branch name: chromium-browser/chromium-browser.sid
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.sid
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 684
Revision Id: iuculano at debian.org-20101207090852-y2qhtaiq5kq8vebr
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : High Crash due to bad indexing with malformed video. Credit to miaubiz.
--------------------------------------------------------
** Added :
- debian/patches/62127.patch
** Modified :
- debian/changelog
- debian/patches/series
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2010-12-07 08:49:41 +0000
+++ b/debian/changelog 2010-12-07 09:08:52 +0000
@@ -6,8 +6,9 @@
- High Use after free in history handling. Credit to Stefan Troger.
- Medium Make sure the ?dangerous file types? list is uptodate with the
Windows platforms. Credit to Billy Rios of the Google Security Team.
+ - High Crash due to bad indexing with malformed video. Credit to miaubiz.
- -- Giuseppe Iuculano <iuculano at debian.org> Tue, 07 Dec 2010 09:48:31 +0100
+ -- Giuseppe Iuculano <iuculano at debian.org> Tue, 07 Dec 2010 10:08:33 +0100
chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high
=== added file 'debian/patches/62127.patch'
--- a/debian/patches/62127.patch 1970-01-01 00:00:00 +0000
+++ b/debian/patches/62127.patch 2010-12-07 09:08:52 +0000
@@ -0,0 +1,16 @@
+--- a/src/media/filters/ffmpeg_demuxer.cc
++++ b/src/media/filters/ffmpeg_demuxer.cc
+@@ -532,7 +532,12 @@ void FFmpegDemuxer::DemuxTask() {
+ // thread.
+ DCHECK_GE(packet->stream_index, 0);
+ DCHECK_LT(packet->stream_index, static_cast<int>(packet_streams_.size()));
+- FFmpegDemuxerStream* demuxer_stream = packet_streams_[packet->stream_index];
++ FFmpegDemuxerStream* demuxer_stream = NULL;
++ size_t i = packet->stream_index;
++ // Defend against ffmpeg giving us a bad stream index.
++ if (i < packet_streams_.size()) {
++ demuxer_stream = packet_streams_[i];
++ }
+ if (demuxer_stream) {
+ // Queue the packet with the appropriate stream. The stream takes
+ // ownership of the AVPacket.
=== modified file 'debian/patches/series'
--- a/debian/patches/series 2010-12-07 08:49:41 +0000
+++ b/debian/patches/series 2010-12-07 09:08:52 +0000
@@ -34,3 +34,4 @@
55745.patch
59554.patch
59817.patch
+62127.patch
More information about the Pkg-chromium-commit
mailing list