r252 - in unstable/ffmpeg/debian: . patches
Samuel Hocevar
sho at alioth.debian.org
Mon Mar 26 13:56:37 CET 2007
Author: sho
Date: 2007-03-26 12:56:37 +0000 (Mon, 26 Mar 2007)
New Revision: 252
Added:
unstable/ffmpeg/debian/patches/070_zzuf_r7536_ogm_crash.diff
unstable/ffmpeg/debian/patches/071_zzuf_r7537_avi_crash.diff
unstable/ffmpeg/debian/patches/072_zzuf_r7538_mpeg_crash.diff
unstable/ffmpeg/debian/patches/073_zzuf_r7539_asf_crash.diff
unstable/ffmpeg/debian/patches/074_zzuf_r7561_ogm_crash.diff
unstable/ffmpeg/debian/patches/075_zzuf_r7595_flac_crash.diff
unstable/ffmpeg/debian/patches/076_zzuf_r7718_mpeg_infinite_loop.diff
unstable/ffmpeg/debian/patches/077_zzuf_r7889_mpeg_crash.diff
Modified:
unstable/ffmpeg/debian/changelog
unstable/ffmpeg/debian/patches/series
Log:
* debian/patches/070_zzuf_r7536_ogm_crash.diff:
* debian/patches/071_zzuf_r7537_avi_crash.diff:
* debian/patches/072_zzuf_r7538_mpeg_crash.diff:
* debian/patches/073_zzuf_r7539_asf_crash.diff:
* debian/patches/074_zzuf_r7561_ogm_crash.diff:
* debian/patches/075_zzuf_r7595_flac_crash.diff:
* debian/patches/076_zzuf_r7718_mpeg_infinite_loop.diff:
* debian/patches/077_zzuf_r7889_mpeg_crash.diff:
+ New patches taken from upstream SVN. Fix various crashes and deadlocks
found with zzuf (Closes: #407003).
Modified: unstable/ffmpeg/debian/changelog
===================================================================
--- unstable/ffmpeg/debian/changelog 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/changelog 2007-03-26 12:56:37 UTC (rev 252)
@@ -10,6 +10,17 @@
+ New patch: workaround for a buffer overflow in the MMX H264 chroma
motion compensation until upstream fixes it properly (Closes: #404176).
+ * debian/patches/070_zzuf_r7536_ogm_crash.diff:
+ * debian/patches/071_zzuf_r7537_avi_crash.diff:
+ * debian/patches/072_zzuf_r7538_mpeg_crash.diff:
+ * debian/patches/073_zzuf_r7539_asf_crash.diff:
+ * debian/patches/074_zzuf_r7561_ogm_crash.diff:
+ * debian/patches/075_zzuf_r7595_flac_crash.diff:
+ * debian/patches/076_zzuf_r7718_mpeg_infinite_loop.diff:
+ * debian/patches/077_zzuf_r7889_mpeg_crash.diff:
+ + New patches taken from upstream SVN. Fix various crashes and deadlocks
+ found with zzuf (Closes: #407003).
+
* debian/control:
+ Set pkg-multimedia-maintainers as main maintainer.
+ Updated VCS fields.
Added: unstable/ffmpeg/debian/patches/070_zzuf_r7536_ogm_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/070_zzuf_r7536_ogm_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/070_zzuf_r7536_ogm_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,14 @@
+Index: libavformat/ogg2.c
+===================================================================
+--- libavformat/ogg2.c (revision 7535)
++++ libavformat/ogg2.c (revision 7536)
+@@ -484,7 +484,8 @@
+ url_fseek (&s->pb, end, SEEK_SET);
+
+ while (!ogg_read_page (s, &i)){
+- if (ogg->streams[i].granule != -1 && ogg->streams[i].granule != 0)
++ if (ogg->streams[i].granule != -1 && ogg->streams[i].granule != 0 &&
++ ogg->streams[i].codec)
+ idx = i;
+ }
+
Added: unstable/ffmpeg/debian/patches/071_zzuf_r7537_avi_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/071_zzuf_r7537_avi_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/071_zzuf_r7537_avi_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,13 @@
+Index: libavformat/avidec.c
+===================================================================
+--- libavformat/avidec.c (revision 7536)
++++ libavformat/avidec.c (revision 7537)
+@@ -397,7 +397,7 @@
+ break;
+ case MKTAG('s', 't', 'r', 'f'):
+ /* stream header */
+- if (stream_index >= s->nb_streams || avi->dv_demux) {
++ if (stream_index >= (unsigned)s->nb_streams || avi->dv_demux) {
+ url_fskip(pb, size);
+ } else {
+ st = s->streams[stream_index];
Added: unstable/ffmpeg/debian/patches/072_zzuf_r7538_mpeg_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/072_zzuf_r7538_mpeg_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/072_zzuf_r7538_mpeg_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,15 @@
+Index: libavcodec/mpeg12.c
+===================================================================
+--- libavcodec/mpeg12.c (revision 7537)
++++ libavcodec/mpeg12.c (revision 7538)
+@@ -3178,6 +3178,10 @@
+ if(mpeg_field_start(s2) < 0)
+ return -1;
+ }
++ if(!s2->current_picture_ptr){
++ av_log(avctx, AV_LOG_ERROR, "current_picture not initalized\n");
++ return -1;
++ }
+
+ if(avctx->thread_count > 1){
+ int threshold= (s2->mb_height*s->slice_count + avctx->thread_count/2) / avctx->thread_count;
Added: unstable/ffmpeg/debian/patches/073_zzuf_r7539_asf_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/073_zzuf_r7539_asf_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/073_zzuf_r7539_asf_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,15 @@
+Index: libavformat/asf.c
+===================================================================
+--- libavformat/asf.c (revision 7538)
++++ libavformat/asf.c (revision 7539)
+@@ -601,6 +601,10 @@
+ assert(asf->packet_replic_size >= 8);
+ // it should be always at least 8 bytes - FIXME validate
+ asf->packet_obj_size = get_le32(pb);
++ if(asf->packet_obj_size >= (1<<24) || asf->packet_obj_size <= 0){
++ av_log(s, AV_LOG_ERROR, "packet_obj_size invalid\n");
++ continue;
++ }
+ asf->packet_frag_timestamp = get_le32(pb); // timestamp
+ if (asf->packet_replic_size > 8)
+ url_fskip(pb, asf->packet_replic_size - 8);
Added: unstable/ffmpeg/debian/patches/074_zzuf_r7561_ogm_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/074_zzuf_r7561_ogm_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/074_zzuf_r7561_ogm_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,13 @@
+Index: libavcodec/imgresample.c
+===================================================================
+--- libavcodec/imgresample.c (revision 7560)
++++ libavcodec/imgresample.c (revision 7561)
+@@ -672,6 +672,8 @@
+
+ void sws_freeContext(struct SwsContext *ctx)
+ {
++ if (!ctx)
++ return;
+ if ((ctx->resampling_ctx->iwidth != ctx->resampling_ctx->owidth) ||
+ (ctx->resampling_ctx->iheight != ctx->resampling_ctx->oheight)) {
+ img_resample_close(ctx->resampling_ctx);
Added: unstable/ffmpeg/debian/patches/075_zzuf_r7595_flac_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/075_zzuf_r7595_flac_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/075_zzuf_r7595_flac_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,15 @@
+Index: libavcodec/flac.c
+===================================================================
+--- libavcodec/flac.c (revision 7594)
++++ libavcodec/flac.c (revision 7595)
+@@ -225,6 +225,10 @@
+ rice_order = get_bits(&s->gb, 4);
+
+ samples= s->blocksize >> rice_order;
++ if (pred_order > samples) {
++ av_log(s->avctx, AV_LOG_ERROR, "invalid predictor order: %i > %i\n", pred_order, samples);
++ return -1;
++ }
+
+ sample=
+ i= pred_order;
Added: unstable/ffmpeg/debian/patches/076_zzuf_r7718_mpeg_infinite_loop.diff
===================================================================
--- unstable/ffmpeg/debian/patches/076_zzuf_r7718_mpeg_infinite_loop.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/076_zzuf_r7718_mpeg_infinite_loop.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,13 @@
+Index: libavcodec/mpegvideo.c
+===================================================================
+--- libavcodec/mpegvideo.c (revision 7717)
++++ libavcodec/mpegvideo.c (revision 7718)
+@@ -1603,7 +1603,7 @@
+ if(s->last_picture_ptr) copy_picture(&s->last_picture, s->last_picture_ptr);
+ if(s->next_picture_ptr) copy_picture(&s->next_picture, s->next_picture_ptr);
+
+- if(s->pict_type != I_TYPE && (s->last_picture_ptr==NULL || s->last_picture_ptr->data[0]==NULL)){
++ if(s->pict_type != I_TYPE && (s->last_picture_ptr==NULL || s->last_picture_ptr->data[0]==NULL) && !s->dropable){
+ av_log(avctx, AV_LOG_ERROR, "warning: first frame is no keyframe\n");
+ assert(s->pict_type != B_TYPE); //these should have been dropped if we don't have a reference
+ goto alloc;
Added: unstable/ffmpeg/debian/patches/077_zzuf_r7889_mpeg_crash.diff
===================================================================
--- unstable/ffmpeg/debian/patches/077_zzuf_r7889_mpeg_crash.diff 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/077_zzuf_r7889_mpeg_crash.diff 2007-03-26 12:56:37 UTC (rev 252)
@@ -0,0 +1,15 @@
+Index: libavcodec/mpeg12.c
+===================================================================
+--- libavcodec/mpeg12.c (revision 7888)
++++ libavcodec/mpeg12.c (revision 7889)
+@@ -2593,6 +2593,10 @@
+ break;
+ }
+ }
++ if(s->mb_x >= (unsigned)s->mb_width){
++ av_log(s->avctx, AV_LOG_ERROR, "initial skip overflow\n");
++ return -1;
++ }
+
+ s->resync_mb_x= s->mb_x;
+ s->resync_mb_y= s->mb_y= mb_y;
Modified: unstable/ffmpeg/debian/patches/series
===================================================================
--- unstable/ffmpeg/debian/patches/series 2007-03-26 12:36:27 UTC (rev 251)
+++ unstable/ffmpeg/debian/patches/series 2007-03-26 12:56:37 UTC (rev 252)
@@ -20,3 +20,11 @@
053_rm_demux_crash.diff
054_h264_mmx_chroma_mc_crash.diff
060_fix_avi_skip.diff
+070_zzuf_r7536_ogm_crash.diff
+071_zzuf_r7537_avi_crash.diff
+072_zzuf_r7538_mpeg_crash.diff
+073_zzuf_r7539_asf_crash.diff
+074_zzuf_r7561_ogm_crash.diff
+075_zzuf_r7595_flac_crash.diff
+076_zzuf_r7718_mpeg_infinite_loop.diff
+077_zzuf_r7889_mpeg_crash.diff
More information about the Pkg-multimedia-commits
mailing list