Bug#512818: Backported patch from upstream
Thadeu Lima de Souza Cascardo
cascardo at minaslivre.org
Tue Jan 27 23:54:41 UTC 2009
tag 512818 +patch
thanks
Backported patch from upstream.
Attached is the NMU diff.
-------------- next part --------------
diff -u gst-plugins-good0.10-0.10.8/debian/changelog gst-plugins-good0.10-0.10.8/debian/changelog
--- gst-plugins-good0.10-0.10.8/debian/changelog
+++ gst-plugins-good0.10-0.10.8/debian/changelog
@@ -1,3 +1,12 @@
+gst-plugins-good0.10 (0.10.8-4.1) unstable; urgency=high
+
+ * NMU
+ * debian/patches/20_Fix_for_security_advisory_TKADV2009-0xx.patch:
+ + Fix SA33650 and TKADV2009-03 (Closes: #512818)
+ * Urgency set to high due to urgency bug
+
+ -- Thadeu Lima de Souza Cascardo <cascardo at minaslivre.org> Tue, 27 Jan 2009 20:12:10 -0200
+
gst-plugins-good0.10 (0.10.8-4) unstable; urgency=low
* debian/patches/13_equalizer.patch:
only in patch2:
unchanged:
--- gst-plugins-good0.10-0.10.8.orig/debian/patches/20_Fix_for_security_advisory_TKADV2009-0xx.patch
+++ gst-plugins-good0.10-0.10.8/debian/patches/20_Fix_for_security_advisory_TKADV2009-0xx.patch
@@ -0,0 +1,38 @@
+diff --git a/gst/qtdemux/qtdemux.c b/gst/qtdemux/qtdemux.c
+index 33061f5..bc61e37 100644
+--- a/gst/qtdemux/qtdemux.c
++++ b/gst/qtdemux/qtdemux.c
+@@ -2842,13 +2842,13 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
+ stream->min_duration = 0;
+ time = 0;
+ index = 0;
+- for (i = 0; i < n_sample_times; i++) {
++ for (i = 0; (i < n_sample_times) && (index < stream->n_samples); i++) {
+ guint32 n;
+ guint32 duration;
+
+ n = QT_UINT32 ((guint8 *) stts->data + 16 + 8 * i);
+ duration = QT_UINT32 ((guint8 *) stts->data + 16 + 8 * i + 4);
+- for (j = 0; j < n; j++) {
++ for (j = 0; (j < n) && (index < stream->n_samples); j++) {
+ GST_DEBUG_OBJECT (qtdemux, "sample %d: timestamp %" GST_TIME_FORMAT,
+ index, GST_TIME_ARGS (timestamp));
+
+@@ -2876,7 +2876,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
+ for (i = 0; i < n_sample_syncs; i++) {
+ /* note that the first sample is index 1, not 0 */
+ index = QT_UINT32 ((guint8 *) stss->data + offset);
+- if (index > 0) {
++ if (index > 0 && index <= stream->n_samples) {
+ samples[index - 1].keyframe = TRUE;
+ offset += 4;
+ }
+@@ -2975,7 +2975,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
+ for (i = 0, j = 0; (j < stream->n_samples) && (i < n_entries); i++) {
+ count = QT_UINT32 (ctts_data + 16 + i * 8);
+ soffset = QT_UINT32 (ctts_data + 20 + i * 8);
+- for (k = 0; k < count; k++, j++) {
++ for (k = 0; (k < count) && (j < stream->n_samples); k++, j++) {
+ /* we operate with very small soffset values here, it shouldn't overflow */
+ samples[j].pts_offset = soffset * GST_SECOND / stream->timescale;
+ }
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gstreamer-maintainers/attachments/20090127/310fc51d/attachment-0001.pgp
More information about the Pkg-gstreamer-maintainers
mailing list