[SCM] FFmpeg packaging branch, ubuntu.karmic, updated. debian/0.5+svn20090706-1ubuntu3-36-g3f9d596

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Thu Oct 15 07:34:10 UTC 2009 

The following commit has been merged in the ubuntu.karmic branch:
commit 709e4cdfe959b962d2a70104c2f3bd770dabdf33
Author: Reinhard Tartler <siretart at tauware.de>
Date:   Wed Oct 14 23:34:24 2009 +0200

    backport vp3 fixes

diff --git a/debian/patches/security/vp3/0001-Fix-init_get_bits-buffer-size.patch b/debian/patches/security/vp3/0001-Fix-init_get_bits-buffer-size.patch
new file mode 100644
index 0000000..a90a9f3
--- /dev/null
+++ b/debian/patches/security/vp3/0001-Fix-init_get_bits-buffer-size.patch
@@ -0,0 +1,27 @@
+From 351a67a951b4b95bc0cb05127445b685f362f9b9 Mon Sep 17 00:00:00 2001
+From: michael <michael at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Wed, 23 Sep 2009 12:27:10 +0000
+Subject: [PATCH 1/3] Fix init_get_bits() buffer size.
+ 18_fix_theora_header_bit_len.patch by chrome
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19993 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+---
+ libavcodec/vp3.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
+index 4d27a8a..4896fd0 100644
+--- a/libavcodec/vp3.c
++++ b/libavcodec/vp3.c
+@@ -2319,7 +2319,7 @@ static av_cold int theora_decode_init(AVCodecContext *avctx)
+     }
+ 
+   for(i=0;i<3;i++) {
+-    init_get_bits(&gb, header_start[i], header_len[i]);
++    init_get_bits(&gb, header_start[i], header_len[i] * 8);
+ 
+     ptype = get_bits(&gb, 8);
+ 
+-- 
+1.6.3.3
+
diff --git a/debian/patches/security/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch b/debian/patches/security/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch
new file mode 100644
index 0000000..bc1a7ce
--- /dev/null
+++ b/debian/patches/security/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch
@@ -0,0 +1,51 @@
+From 3303bd41acebb0068f1afd09fbb39432d3982620 Mon Sep 17 00:00:00 2001
+From: melanson <melanson at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Thu, 24 Sep 2009 06:33:16 +0000
+Subject: [PATCH 3/3] Make sure that all memory allocations succeed.
+ Based on 28_theora_malloc_checks.patch from the Google Chrome team.
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@20008 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+---
+ libavcodec/vp3.c |   12 ++++++++++++
+ 1 files changed, 12 insertions(+), 0 deletions(-)
+
+diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c
+index 6a6663f..60b84f0 100644
+--- a/libavcodec/vp3.c
++++ b/libavcodec/vp3.c
+@@ -42,6 +42,8 @@
+ 
+ #define FRAGMENT_PIXELS 8
+ 
++static av_cold int vp3_decode_end(AVCodecContext *avctx);
++
+ typedef struct Coeff {
+     struct Coeff *next;
+     DCTELEM coeff;
+@@ -1755,6 +1757,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx)
+     s->coeffs = av_malloc(s->fragment_count * sizeof(Coeff) * 65);
+     s->coded_fragment_list = av_malloc(s->fragment_count * sizeof(int));
+     s->pixel_addresses_initialized = 0;
++    if (!s->superblock_coding || !s->all_fragments || !s->coeff_counts ||
++        !s->coeffs || !s->coded_fragment_list) {
++        vp3_decode_end(avctx);
++        return -1;
++    }
+ 
+     if (!s->theora_tables)
+     {
+@@ -1860,6 +1867,11 @@ static av_cold int vp3_decode_init(AVCodecContext *avctx)
+     s->superblock_macroblocks = av_malloc(s->superblock_count * 4 * sizeof(int));
+     s->macroblock_fragments = av_malloc(s->macroblock_count * 6 * sizeof(int));
+     s->macroblock_coding = av_malloc(s->macroblock_count + 1);
++    if (!s->superblock_fragments || !s->superblock_macroblocks ||
++        !s->macroblock_fragments || !s->macroblock_coding) {
++        vp3_decode_end(avctx);
++        return -1;
++    }
+     init_block_mapping(s);
+ 
+     for (i = 0; i < 3; i++) {
+-- 
+1.6.3.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 6507805..897c0d1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -50,3 +50,7 @@ security/vorbis_dec/0012-Fix-format-string-to-match-the-types-printed.patch
 
 # vorbis security backports
 security/oggparsevorbis/0001-Fix-possible-buffer-over-read-in-vorbis_comment-fix-.patch
+
+# libavcodec vp3 fixes
+security/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch
+security/vp3/0001-Fix-init_get_bits-buffer-size.patch

-- 
FFmpeg packaging

More information about the pkg-multimedia-commits mailing list