[Pkg-gstreamer-commits] [libvpx] 01/01: Fix out of bounds access in the VP9 codec
Sebastian Dröge
slomo at moszumanska.debian.org
Tue Oct 21 08:24:54 UTC 2014
This is an automated email from the git hooks/post-receive script.
slomo pushed a commit to branch master
in repository libvpx.
commit 8ce804c88ed115005a8b3302fbbd374fe9d0d7fb
Author: Sebastian Dröge <sebastian at centricular.com>
Date: Tue Oct 21 10:04:54 2014 +0200
Fix out of bounds access in the VP9 codec
---
debian/changelog | 9 +++++++
debian/control | 30 +++++++++++------------
debian/patches/series | 1 +
debian/patches/vp9-out-of-bounds-access.patch | 34 +++++++++++++++++++++++++++
4 files changed, 59 insertions(+), 15 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index f69ac2e..12cf2c1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+libvpx (1.3.0-3) unstable; urgency=high
+
+ * debian/control:
+ + Add VP9 to the short and long package descriptions (Closes: #760095).
+ * debian/patches/vp9-out-of-bounds-access.patch:
+ + Fix out of bounds access in the VP9 codec (CVE-2014-1578) (Closes: #765435).
+
+ -- Sebastian Dröge <slomo at debian.org> Tue, 21 Oct 2014 10:02:18 +0200
+
libvpx (1.3.0-2.1) unstable; urgency=medium
* Non-maintainer upload.
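Review bot: the CVE identifier appears only in the new changelog entry (`+ + Fix out of bounds access in the VP9 codec (CVE-2014-1578) (Closes: #765435).`); neither the commit subject nor the new patch file carries it. Consider putting `CVE-2014-1578` in the commit subject as well, so the fix is discoverable from `git log` and from the security tracker without opening the changelog.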
diff --git a/debian/control b/debian/control
index 1efe477..9155467 100644
--- a/debian/control
+++ b/debian/control
@@ -15,9 +15,9 @@ Depends: libvpx1 (= ${binary:Version}),
${shlibs:Depends},
${misc:Depends}
Multi-Arch: same
-Description: VP8 video codec (development files)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (development files)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
on which the Theora codec was based.
.
This package contains the development libraries, header files needed by
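Review bot: the rewritten long description in this hunk (and the identical change repeated in the four following `debian/control` hunks) states `VP8 and VP9 are open video codecs, originally developed by On2 and released` `as open source by Google Inc.`; VP9 was developed by Google after its acquisition of On2, so the On2 attribution only holds for VP8. `They are the successor of the VP3 codec` should also read `successors`. Suggested wording: "VP8 and VP9 are open video codecs. VP8 was originally developed by On2 and released as open source by Google Inc.; VP9 is its successor, developed by Google."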
@@ -30,9 +30,9 @@ Depends: ${shlibs:Depends},
${misc:Depends}
Multi-Arch: same
Pre-Depends: ${misc:Pre-Depends}
-Description: VP8 video codec (shared library)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (shared library)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
on which the Theora codec was based.
.
This package contains the shared libraries.
@@ -43,9 +43,9 @@ Priority: extra
Architecture: any
Depends: libvpx1 (= ${binary:Version}),
${misc:Depends}
-Description: VP8 video codec (debugging symbols)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (debugging symbols)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
on which the Theora codec was based.
.
Debugging symbols for the VPX library. This is
@@ -56,9 +56,9 @@ Section: doc
Architecture: all
Depends: ${misc:Depends}
Recommends: lynx | www-browser
-Description: VP8 video codec (API documentation)
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec (API documentation)
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
on which the Theora codec was based.
.
This package contains the HTML documentation for the libvpx library
@@ -71,9 +71,9 @@ Depends: libvpx1 (= ${binary:Version}),
${shlibs:Depends},
${misc:Depends}
Multi-Arch: foreign
-Description: VP8 video codec encoding/decoding tools
- VP8 is an open video codec, originally developed by On2 and released
- as open source by Google Inc. It is the successor of the VP3 codec,
+Description: VP8 and VP9 video codec encoding/decoding tools
+ VP8 and VP9 are open video codecs, originally developed by On2 and released
+ as open source by Google Inc. They are the successor of the VP3 codec,
on which the Theora codec was based.
.
This package contains the commandline tools vpxdec and vpxenc.
diff --git a/debian/patches/series b/debian/patches/series
index 9553e9e..fd10329 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
fix-armhf-link.patch
Bug-fix-in-ssse3-quantize-function.patch
+vp9-out-of-bounds-access.patch
diff --git a/debian/patches/vp9-out-of-bounds-access.patch b/debian/patches/vp9-out-of-bounds-access.patch
new file mode 100644
index 0000000..9621e10
--- /dev/null
+++ b/debian/patches/vp9-out-of-bounds-access.patch
@@ -0,0 +1,34 @@
+
+# HG changeset patch
+# User Ralph Giles <giles at mozilla.com>
+# Date 1412209683 25200
+# Node ID 6023f0b4f8ba49dd117106cc98cd8007c2142bf6
+# Parent 8c431dcec0ffde13988d47eacf341113ea883245
+Bug 1063327 - Reject vp9 frames with invalid tiles. r=kinetik, a=abillings
+
+diff --git a/vp9/decoder/vp9_decodframe.c b/vp9/decoder/vp9_decodframe.c
+--- a/vp9/decoder/vp9_decodframe.c
++++ b/vp9/decoder/vp9_decodframe.c
+@@ -863,16 +863,21 @@ static size_t get_tile(const uint8_t *co
+
+ if (!is_last) {
+ if (!read_is_valid(*data, 4, data_end))
+ vpx_internal_error(error_info, VPX_CODEC_CORRUPT_FRAME,
+ "Truncated packet or corrupt tile length");
+
+ size = read_be32(*data);
+ *data += 4;
++
++ if (size > data_end - *data) {
++ vpx_internal_error(error_info, VPX_CODEC_CORRUPT_FRAME,
++ "Truncated packet or corrupt tile size");
++ }
+ } else {
+ size = data_end - *data;
+ }
+ return size;
+ }
+
+ typedef struct TileBuffer {
+ const uint8_t *data;
+
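Review bot: the new patch file has no DEP-3 header (no `Description:`, `Origin:`, `Bug-Debian:` or `Applied-Upstream:` fields); it begins with a blank line followed by the raw `# HG changeset patch` / `# User Ralph Giles <giles at mozilla.com>` header copied from the Mozilla tree. Add a DEP-3 block recording the origin (Mozilla bug 1063327, author Ralph Giles), `Bug-Debian: https://bugs.debian.org/765435` and the CVE from the changelog, so the patch can be tracked and dropped at the next upstream update. On the code itself, `if (size > data_end - *data)` compares a `size_t` with a `ptrdiff_t`; this is sound here only because the preceding `read_is_valid(*data, 4, data_end)` check guarantees `*data + 4 <= data_end`, so the difference is non-negative after `*data += 4`. A one-line comment stating that invariant next to the new check would help the next reader.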
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gstreamer/libvpx.git