[SCM] FFmpeg packaging branch, master, updated. upstream/0.svn20090119-56-g4e4cf2c
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Tue Feb 3 06:32:48 UTC 2009
The following commit has been merged in the master branch:
commit 29ed32ee3b187bddb2dac5395f1715f4c61199fc
Author: Reinhard Tartler <siretart at tauware.de>
Date: Wed Jan 28 22:51:03 2009 +0100
add 50_TKADV2009-004.diff to fix remotely exploitable security issue.
diff --git a/debian/patches/50_TKADV2009-004.diff b/debian/patches/50_TKADV2009-004.diff
new file mode 100644
index 0000000..bc3c5b5
--- /dev/null
+++ b/debian/patches/50_TKADV2009-004.diff
@@ -0,0 +1,28 @@
+------------------------------------------------------------------------
+r16846 | michael | 2009-01-28 14:37:26 +0100 (Mi, 28. Jan 2009) | 4 lines
+
+Fix remotely exploitable arbitrary code execution vulnerability.
+Found by Tobias Klein / tk // trapkit / de /
+See: http://www.trapkit.de/advisories/TKADV2009-004.txt
+
+
+--- a/libavformat/4xm.c
++++ b/libavformat/4xm.c
+@@ -166,12 +166,13 @@ static int fourxm_read_header(AVFormatCo
+ goto fail;
+ }
+ current_track = AV_RL32(&header[i + 8]);
++ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
++ av_log(s, AV_LOG_ERROR, "current_track too large\n");
++ ret= -1;
++ goto fail;
++ }
+ if (current_track + 1 > fourxm->track_count) {
+ fourxm->track_count = current_track + 1;
+- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)){
+- ret= -1;
+- goto fail;
+- }
+ fourxm->tracks = av_realloc(fourxm->tracks,
+ fourxm->track_count * sizeof(AudioTrack));
+ if (!fourxm->tracks) {
diff --git a/debian/patches/series b/debian/patches/series
index c4bfd83..9043fb8 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
# 020_visibility_patch
+50_TKADV2009-004.diff
900_doxyfile
--
FFmpeg packaging
More information about the pkg-multimedia-commits
mailing list