[Pkg-chromium-commit] chromium-browser/chromium-browser.sid: 684 High Crash due to bad indexing with malformed video. Credit to miaubiz.

Giuseppe Iuculano iuculano at debian.org
Tue Dec 7 09:08:52 UTC 2010 

Branch name: chromium-browser/chromium-browser.sid
Branch location : bzr+ssh://bzr.debian.org/bzr/pkg-chromium/chromium-browser/chromium-browser.sid
Browse location: http://bzr.debian.org/loggerhead/pkg-chromium
Revision No: 684
Revision Id: iuculano at debian.org-20101207090852-y2qhtaiq5kq8vebr
Committer: Giuseppe Iuculano <iuculano at debian.org>
Message : High Crash due to bad indexing with malformed video. Credit to miaubiz. 


--------------------------------------------------------
  ** Added :
        - debian/patches/62127.patch

  ** Modified :
        - debian/changelog
        - debian/patches/series

-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog	2010-12-07 08:49:41 +0000
+++ b/debian/changelog	2010-12-07 09:08:52 +0000
@@ -6,8 +6,9 @@
     - High Use after free in history handling. Credit to Stefan Troger.
     - Medium Make sure the ?dangerous file types? list is uptodate with the
       Windows platforms. Credit to Billy Rios of the Google Security Team.
+    - High Crash due to bad indexing with malformed video. Credit to miaubiz. 
 
- -- Giuseppe Iuculano <iuculano at debian.org>  Tue, 07 Dec 2010 09:48:31 +0100
+ -- Giuseppe Iuculano <iuculano at debian.org>  Tue, 07 Dec 2010 10:08:33 +0100
 
 chromium-browser (6.0.472.63~r59945-2) unstable; urgency=high
 

=== added file 'debian/patches/62127.patch'
--- a/debian/patches/62127.patch	1970-01-01 00:00:00 +0000
+++ b/debian/patches/62127.patch	2010-12-07 09:08:52 +0000
@@ -0,0 +1,16 @@
+--- a/src/media/filters/ffmpeg_demuxer.cc
++++ b/src/media/filters/ffmpeg_demuxer.cc
+@@ -532,7 +532,12 @@ void FFmpegDemuxer::DemuxTask() {
+   // thread.
+   DCHECK_GE(packet->stream_index, 0);
+   DCHECK_LT(packet->stream_index, static_cast<int>(packet_streams_.size()));
+-  FFmpegDemuxerStream* demuxer_stream = packet_streams_[packet->stream_index];
++  FFmpegDemuxerStream* demuxer_stream = NULL;
++  size_t i = packet->stream_index;
++  // Defend against ffmpeg giving us a bad stream index.
++  if (i < packet_streams_.size()) {
++    demuxer_stream = packet_streams_[i];
++  }
+   if (demuxer_stream) {
+     // Queue the packet with the appropriate stream.  The stream takes
+     // ownership of the AVPacket.

=== modified file 'debian/patches/series'
--- a/debian/patches/series	2010-12-07 08:49:41 +0000
+++ b/debian/patches/series	2010-12-07 09:08:52 +0000
@@ -34,3 +34,4 @@
 55745.patch
 59554.patch
 59817.patch
+62127.patch

More information about the Pkg-chromium-commit mailing list