[SCM] FFmpeg packaging branch, ubuntu.karmic, updated. debian/0.5+svn20090706-1ubuntu3-38-gb589a5c

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Fri Oct 30 22:32:30 UTC 2009 

The following commit has been merged in the ubuntu.karmic branch:
commit b589a5c6f849cb9892156f53419fbcbebdf9167a
Author: Reinhard Tartler <siretart at tauware.de>
Date:   Fri Oct 30 23:29:58 2009 +0100

    backported libavformat/oggdec.c security fixes
    
    thanks to Marc Deslauriers <marc.deslauriers at canonical.com> for
    identifying the following chrome issues in the ffmpeg svn:
    
    40_ogg_missing_header.patch

diff --git a/debian/patches/security/oggdec/0001-Disable-parsing-for-ogg-streams-where-no-ogg-header-.patch b/debian/patches/security/oggdec/0001-Disable-parsing-for-ogg-streams-where-no-ogg-header-.patch
new file mode 100644
index 0000000..c8f6d64
--- /dev/null
+++ b/debian/patches/security/oggdec/0001-Disable-parsing-for-ogg-streams-where-no-ogg-header-.patch
@@ -0,0 +1,37 @@
+From 7fb2fe280374bcb1c41c2a8e7aa5632d18dc4279 Mon Sep 17 00:00:00 2001
+From: reimar <reimar at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Wed, 30 Sep 2009 09:46:48 +0000
+Subject: [PATCH] Disable parsing for ogg streams where no ogg header was found,
+ if no header was found the parser was not initialized and thus will
+ crash when trying to use it.
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@20093 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+---
+ libavformat/oggdec.c |    5 +++++
+ 1 files changed, 5 insertions(+), 0 deletions(-)
+
+diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
+index 5d42db7..adf0ad0 100644
+--- a/libavformat/oggdec.c
++++ b/libavformat/oggdec.c
+@@ -477,12 +477,17 @@ static int
+ ogg_read_header (AVFormatContext * s, AVFormatParameters * ap)
+ {
+     struct ogg *ogg = s->priv_data;
++    int i;
+     ogg->curidx = -1;
+     //linear headers seek from start
+     if (ogg_get_headers (s) < 0){
+         return -1;
+     }
+ 
++    for (i = 0; i < ogg->nstreams; i++)
++        if (ogg->streams[i].header < 0)
++            ogg->streams[i].codec = NULL;
++
+     //linear granulepos seek from end
+     ogg_get_length (s);
+ 
+-- 
+1.6.3.3
+
diff --git a/debian/patches/series b/debian/patches/series
index ef03d15..b635a33 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -70,3 +70,6 @@ security/h264/0001-Check-num_units_in_tick-time_scale-to-be-valid-and-w.patch
 security/mov/0001-check-entries-against-field_size-potential-malloc-ov.patch
 security/mov/0002-add-one-missing-check-for-stream-existence-in-read_e.patch
 security/mov/0003-check-stream-existence-before-assignment-fix-1222.patch
+
+# oggedc backports
+security/oggdec/0001-Disable-parsing-for-ogg-streams-where-no-ogg-header-.patch

-- 
FFmpeg packaging

More information about the pkg-multimedia-commits mailing list