[SCM] mplayer packaging branch, etch, updated. 2d394d9822f2ebddcf0338bc90659bf624074494

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Sun Apr 26 18:02:29 UTC 2009


The following commit has been merged in the etch branch:
commit 2d394d9822f2ebddcf0338bc90659bf624074494
Author: Reinhard Tartler <siretart at tauware.de>
Date:   Sun Apr 26 19:51:36 2009 +0200

    fixup patch for CVE-2009-0385
    
    original upstream patch can be found at
    http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
    
    thanks to white for finding that mistake

diff --git a/debian/patches/CVE-2009-0385.patch b/debian/patches/CVE-2009-0385.patch
index 46f1161..653825b 100644
--- a/debian/patches/CVE-2009-0385.patch
+++ b/debian/patches/CVE-2009-0385.patch
@@ -14,7 +14,7 @@ Patch AKA CVE-2009-0385
                  return AVERROR_INVALIDDATA;
              }
              current_track = LE_32(&header[i + 8]);
-+            if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack - 1))
++            if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack - 1))
 +                return -1;
              if (current_track + 1 > fourxm->track_count) {
                  fourxm->track_count = current_track + 1;
diff --git a/libavformat/4xm.c b/libavformat/4xm.c
index 15a4e46..ec9a885 100644
--- a/libavformat/4xm.c
+++ b/libavformat/4xm.c
@@ -161,7 +161,7 @@ static int fourxm_read_header(AVFormatContext *s,
                 return AVERROR_INVALIDDATA;
             }
             current_track = LE_32(&header[i + 8]);
-	    if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack) - 1)
+	    if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1)
                 return -1;
             if (current_track + 1 > fourxm->track_count) {
                 fourxm->track_count = current_track + 1;

-- 
mplayer packaging



More information about the pkg-multimedia-commits mailing list