r1349 - in /unstable/vlc/debian: changelog control patches/405-CVE-2008-3732.diff patches/406-live555-crash.diff patches/series
xtophe-guest at users.alioth.debian.org
xtophe-guest at users.alioth.debian.org
Thu Aug 21 20:55:59 UTC 2008
Author: xtophe-guest
Date: Thu Aug 21 20:55:59 2008
New Revision: 1349
URL: http://svn.debian.org/wsvn/pkg-multimedia/?sc=1&rev=1349
Log:
* Fix integer overflow in TTA (CVE-2008-3732) (405-CVE-2008-3732.diff)
* Fix crashes in Live555 (406-live555-crash.diff)
* Switch to libdc1394-22-dev (Closes: #484695)
Added:
unstable/vlc/debian/patches/405-CVE-2008-3732.diff
unstable/vlc/debian/patches/406-live555-crash.diff
Modified:
unstable/vlc/debian/changelog
unstable/vlc/debian/control
unstable/vlc/debian/patches/series
Modified: unstable/vlc/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/changelog?rev=1349&op=diff
==============================================================================
--- unstable/vlc/debian/changelog (original)
+++ unstable/vlc/debian/changelog Thu Aug 21 20:55:59 2008
@@ -1,3 +1,11 @@
+vlc (0.8.6.h-2) unstable; urgency=high
+
+ * Fix integer overflow in TTA (CVE-2008-3732) (405-CVE-2008-3732.diff)
+ * Fix crashes in Live555 (406-live555-crash.diff)
+ * Switch to libdc1394-22-dev (Closes: #484695)
+
+ -- Christophe Mutricy <xtophe at videolan.org> Thu, 21 Aug 2008 20:19:39 +0100
+
vlc (0.8.6.h-1) unstable; urgency=high
[ Christophe Mutricy ]
Modified: unstable/vlc/debian/control
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/control?rev=1349&op=diff
==============================================================================
--- unstable/vlc/debian/control (original)
+++ unstable/vlc/debian/control Thu Aug 21 20:55:59 2008
@@ -68,7 +68,7 @@
zlib1g-dev,
libavc1394-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
libraw1394-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
- libdc1394-13-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
+ libdc1394-22-dev [!kfreebsd-i386 !kfreebsd-amd64 !hurd-i386],
libxosd-dev,
libtwolame-dev (>= 0.3.8),
libspeex-dev,
Added: unstable/vlc/debian/patches/405-CVE-2008-3732.diff
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/405-CVE-2008-3732.diff?rev=1349&op=file
==============================================================================
--- unstable/vlc/debian/patches/405-CVE-2008-3732.diff (added)
+++ unstable/vlc/debian/patches/405-CVE-2008-3732.diff Thu Aug 21 20:55:59 2008
@@ -1,0 +1,141 @@
+diff --git a/modules/demux/tta.c b/modules/demux/tta.c
+index e400908..eede5bb 100644
+--- a/modules/demux/tta.c
++++ b/modules/demux/tta.c
+@@ -60,10 +60,10 @@ struct demux_sys_t
+ es_out_id_t *p_es;
+
+ /* */
+- int i_totalframes;
+- int i_currentframe;
++ uint32_t i_totalframes;
++ uint32_t i_currentframe;
+ uint32_t *pi_seektable;
+- int i_datalength;
++ uint32_t i_datalength;
+ int i_framelength;
+
+ /* */
+@@ -81,10 +81,11 @@ static int Open( vlc_object_t * p_this )
+ es_format_t fmt;
+ uint8_t *p_peek;
+ uint8_t p_header[22];
+- uint8_t *p_seektable;
+- int i_seektable_size = 0, i;
++ uint8_t *p_fullheader;
++ int i_seektable_size = 0;
+ //char psz_info[4096];
+ //module_t *p_id3;
++ uint32_t i;
+
+ if( stream_Peek( p_demux->s, &p_peek, 4 ) < 4 )
+ return VLC_EGENERIC;
+@@ -94,7 +95,7 @@ static int Open( vlc_object_t * p_this )
+ if( !p_demux->b_force ) return VLC_EGENERIC;
+
+ /* User forced */
+- msg_Err( p_demux, "this doesn't look like a flac stream, "
++ msg_Err( p_demux, "this doesn't look like a true-audio stream, "
+ "continuing anyway" );
+ }
+
+@@ -106,11 +107,22 @@ static int Open( vlc_object_t * p_this )
+ p_demux->pf_control = Control;
+ p_demux->p_sys = p_sys = malloc( sizeof( demux_sys_t ) );
+
++ if( !p_sys )
++ return VLC_ENOMEM;
++
++ p_sys->pi_seektable = NULL;
++
+ /* Read the metadata */
+ es_format_Init( &fmt, AUDIO_ES, VLC_FOURCC( 'T', 'T', 'A', '1' ) );
+ fmt.audio.i_channels = GetWLE( &p_header[6] );
+ fmt.audio.i_bitspersample = GetWLE( &p_header[8] );
+ fmt.audio.i_rate = GetDWLE( &p_header[10] );
++ if( fmt.audio.i_rate == 0 || /* Avoid divide by 0 */
++ fmt.audio.i_rate > ( 1 << 20 ) /* Avoid i_framelength overflow */ )
++ {
++ msg_Warn( p_demux, "Wrong sample rate" );
++ goto error;
++ }
+
+ p_sys->i_datalength = GetDWLE( &p_header[14] );
+ p_sys->i_framelength = TTA_FRAMETIME * fmt.audio.i_rate;
+@@ -118,25 +130,36 @@ static int Open( vlc_object_t * p_this )
+ p_sys->i_totalframes = p_sys->i_datalength / p_sys->i_framelength +
+ ((p_sys->i_datalength % p_sys->i_framelength) ? 1 : 0);
+ p_sys->i_currentframe = 0;
++ if( p_sys->i_totalframes > (1 << 29))
++ goto error;
+
+ i_seektable_size = sizeof(uint32_t)*p_sys->i_totalframes;
+- p_seektable = (uint8_t *)malloc( i_seektable_size );
+- stream_Read( p_demux->s, p_seektable, i_seektable_size );
+- p_sys->pi_seektable = (uint32_t *)malloc(i_seektable_size);
+
++ /* Store the header and Seektable for avcodec */
++ fmt.i_extra = 22 + i_seektable_size + 4;
++ fmt.p_extra = p_fullheader = malloc( fmt.i_extra );
++ if( !p_fullheader )
++ goto error;
++
++ memcpy( p_fullheader, p_header, 22 );
++ p_fullheader += 22;
++ if( stream_Read( p_demux->s, p_fullheader, i_seektable_size )
++ != i_seektable_size )
++ goto error;
++
++ p_sys->pi_seektable = calloc( p_sys->i_totalframes, sizeof(uint32_t) );
++ if( !p_sys->pi_seektable )
++ goto error;
+ for( i = 0; i < p_sys->i_totalframes; i++ )
+- p_sys->pi_seektable[i] = GetDWLE( &p_seektable[i*4] );
+-
+- stream_Read( p_demux->s, NULL, 4 ); /* CRC */
++ {
++ p_sys->pi_seektable[i] = GetDWLE( p_fullheader );
++ p_fullheader += 4;
++ }
+
+- /* Store the header and Seektable for avcodec */
+- fmt.i_extra = 22 + (p_sys->i_totalframes * 4) + 4;
+- fmt.p_extra = malloc( fmt.i_extra );
+- memcpy( fmt.p_extra, p_header, 22 );
+- memcpy( fmt.p_extra+22, p_seektable, fmt.i_extra -22 );
++ stream_Read( p_demux->s, p_fullheader, 4 ); /* CRC */
++ p_fullheader += 4;
+
+ p_sys->p_es = es_out_Add( p_demux->out, &fmt );
+- free( p_seektable );
+ p_sys->i_start = stream_Tell( p_demux->s );
+
+ #if 0
+@@ -152,6 +175,10 @@ static int Open( vlc_object_t * p_this )
+ p_sys->p_meta = vlc_meta_New();
+ #endif
+ return VLC_SUCCESS;
++error:
++ es_format_Clean( &fmt );
++ Close( p_this );
++ return VLC_EGENERIC;
+ }
+
+ /*****************************************************************************
+@@ -162,6 +189,7 @@ static void Close( vlc_object_t * p_this )
+ demux_t *p_demux = (demux_t*)p_this;
+ demux_sys_t *p_sys = p_demux->p_sys;
+
++ free( p_sys->pi_seektable );
+ free( p_sys );
+ }
+
+@@ -221,7 +249,7 @@ static int Control( demux_t *p_demux, int i_query, va_list args )
+ if( i64 > 0 )
+ {
+ int64_t tmp = 0;
+- int i;
++ uint32_t i;
+ for( i=0; i < p_sys->i_totalframes && tmp+p_sys->pi_seektable[i] < i64; i++)
+ {
+ tmp += p_sys->pi_seektable[i];
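Review bot: The `i_totalframes > (1 << 29)` guard in the Open() hunk at -118,25 is too loose for the `int` arithmetic that follows it. At the allowed maximum, `sizeof(uint32_t)*p_sys->i_totalframes` is 2^31, which does not fit in `int i_seektable_size`, and `fmt.i_extra = 22 + i_seektable_size + 4` already overflows for counts slightly below that. Both `i_datalength` and the sample rate are read from the file header, so the frame count is controlled by the input; I would bound it by what the extra-data size can hold, e.g. `if( p_sys->i_totalframes > (INT_MAX - 22 - 4) / sizeof(uint32_t) ) goto error;` (with `<limits.h>` if it is not already included), or use a much smaller sanity cap. Separately, the return value of `stream_Read( p_demux->s, p_fullheader, 4 ); /* CRC */` is not checked, so a truncated file leaves the last four bytes of the malloc'd extra data uninitialised before it is handed to `es_out_Add`; compare the result against 4 and `goto error`, as is done for the seek table read.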
Added: unstable/vlc/debian/patches/406-live555-crash.diff
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/406-live555-crash.diff?rev=1349&op=file
==============================================================================
--- unstable/vlc/debian/patches/406-live555-crash.diff (added)
+++ unstable/vlc/debian/patches/406-live555-crash.diff Thu Aug 21 20:55:59 2008
@@ -1,0 +1,28 @@
+diff --git a/modules/demux/live555.cpp b/modules/demux/live555.cpp
+index 3c75243..90040d3 100644
+--- a/modules/demux/live555.cpp
++++ b/modules/demux/live555.cpp
+@@ -829,7 +829,8 @@ describe:
+ else
+ {
+ const char *psz_tmp = strstr( psz_error, "RTSP" );
+- sscanf( psz_tmp, "RTSP/%*s%3u", &i_code );
++ if( psz_tmp )
++ sscanf( psz_tmp, "RTSP/%*u.%*u %3u", &i_code );
+ }
+ msg_Dbg( p_demux, "DESCRIBE failed with %d: [%s]", i_code, psz_error );
+
+@@ -869,13 +870,6 @@ describe:
+ p_sys->rtsp = NULL;
+ goto createnew;
+ }
+- else
+- {
+- msg_Dbg( p_demux, "connection timeout, retrying" );
+- if( p_sys->rtsp ) RTSPClient::close( p_sys->rtsp );
+- p_sys->rtsp = NULL;
+- goto createnew;
+- }
+ i_ret = VLC_EGENERIC;
+ }
+
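Review bot: The result of `sscanf( psz_tmp, "RTSP/%*u.%*u %3u", &i_code )` in the -829,7 hunk is still ignored. When `strstr` finds no "RTSP", or the status line does not match the stricter format, `i_code` keeps whatever value it had before this block (its initialisation is outside the hunk) and is then logged and presumably used by the code that follows. I would make the failure explicit, e.g. `if( !psz_tmp || sscanf( psz_tmp, "RTSP/%*u.%*u %3u", &i_code ) != 1 ) i_code = 0;`, assuming 0 is the "no status" value here. Also, `%3u` stores through an `unsigned *` while the following `msg_Dbg` prints `i_code` with `%d`; if `i_code` is declared `int`, one of the two specifiers should change.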
Modified: unstable/vlc/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/vlc/debian/patches/series?rev=1349&op=diff
==============================================================================
--- unstable/vlc/debian/patches/series (original)
+++ unstable/vlc/debian/patches/series Thu Aug 21 20:55:59 2008
@@ -8,3 +8,5 @@
200_osdmenu_paths.diff
300_manpage_syntax.diff
401-CVE-2008-2430.diff
+405-CVE-2008-3732.diff
+406-live555-crash.diff