[SCM] FFmpeg packaging branch, ubuntu.karmic, updated. debian/0.5+svn20090706-1ubuntu3-36-g3f9d596

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Thu Oct 15 07:34:22 UTC 2009 

The following commit has been merged in the ubuntu.karmic branch:
commit 3f9d59654c80df066ff724769e2ed5d71e67ca06
Author: Reinhard Tartler <siretart at tauware.de>
Date:   Thu Oct 15 08:57:35 2009 +0200

    h264 security backports

diff --git a/debian/patches/security/h264/0001-Check-num_units_in_tick-time_scale-to-be-valid-and-w.patch b/debian/patches/security/h264/0001-Check-num_units_in_tick-time_scale-to-be-valid-and-w.patch
new file mode 100644
index 0000000..258dafb
--- /dev/null
+++ b/debian/patches/security/h264/0001-Check-num_units_in_tick-time_scale-to-be-valid-and-w.patch
@@ -0,0 +1,29 @@
+From 1259942b556eb7e58c74d09f0e160c204c7f0ac1 Mon Sep 17 00:00:00 2001
+From: michael <michael at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Wed, 23 Sep 2009 09:58:44 +0000
+Subject: [PATCH] Check num_units_in_tick/time_scale to be valid and within the range we support.
+ based on a patch by chrome
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19979 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+---
+ libavcodec/h264.c |    4 ++++
+ 1 files changed, 4 insertions(+), 0 deletions(-)
+
+diff --git a/libavcodec/h264.c b/libavcodec/h264.c
+index 20ad778..31bd4a6 100644
+--- a/libavcodec/h264.c
++++ b/libavcodec/h264.c
+@@ -7087,6 +7087,10 @@ static inline int decode_vui_parameters(H264Context *h, SPS *sps){
+     if(sps->timing_info_present_flag){
+         sps->num_units_in_tick = get_bits_long(&s->gb, 32);
+         sps->time_scale = get_bits_long(&s->gb, 32);
++        if(sps->num_units_in_tick-1 > 0x7FFFFFFEU || sps->time_scale-1 > 0x7FFFFFFEU){
++            av_log(h->s.avctx, AV_LOG_ERROR, "time_scale/num_units_in_tick inavlid or unsupported (%d/%d)\n", sps->time_scale, sps->num_units_in_tick);
++            return -1;
++        }
+         sps->fixed_frame_rate_flag = get_bits1(&s->gb);
+     }
+ 
+-- 
+1.6.3.3
+
diff --git a/debian/patches/series b/debian/patches/series
index 45f8527..c5c0171 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -62,3 +62,6 @@ security/ffv1/0001-Fix-a-possibly-exploitable-buffer-overflow.patch
 security/mpegaudiodec/0001-check-data_size-in-decode_frame.patch
 security/mpegaudiodec/0002-Check-data_size-in-decode_frame_mp3on4.patch
 security/mpegaudiodec/0003-Set-data_size-to-0-to-avoid-having-it-uninitialized.patch
+
+# h264 security backports
+security/h264/0001-Check-num_units_in_tick-time_scale-to-be-valid-and-w.patch

-- 
FFmpeg packaging

More information about the pkg-multimedia-commits mailing list