[SCM] vlc/lucid: Backport CVE-2010-3907 patch to lucid.

bdrung at users.alioth.debian.org bdrung at users.alioth.debian.org
Thu Dec 30 00:29:14 UTC 2010 

The following commit has been merged in the lucid branch:
commit 3a5c44ede7757a8762ffb945e6ce35dd869265fd
Author: Benjamin Drung <bdrung at ubuntu.com>
Date:   Thu Dec 30 01:14:09 2010 +0100

    Backport CVE-2010-3907 patch to lucid.

diff --git a/debian/patches/CVE-2010-3907.diff b/debian/patches/CVE-2010-3907.diff
index 4899043..775c69c 100644
--- a/debian/patches/CVE-2010-3907.diff
+++ b/debian/patches/CVE-2010-3907.diff
@@ -3,13 +3,11 @@ Subject: Real: fix heap buffer overflow (CVE-2010-3907)
  we cannot use the array, but we still have to free it (calloc(0)).
 Author: Rémi Denis-Courmont <remi at remlab.net>
 Bug-Ubuntu: https://launchpad.net/bugs/690173
-Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=5264082844c1deb05585c245525fd55f9a9cab41
+Origin: backport, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=5264082844c1deb05585c245525fd55f9a9cab41
 
-diff --git a/modules/demux/real.c b/modules/demux/real.c
-index dee5b52..e3b6a07 100644
 --- a/modules/demux/real.c
 +++ b/modules/demux/real.c
-@@ -252,11 +252,8 @@ static void Close( vlc_object_t *p_this )
+@@ -247,11 +247,8 @@
              if( tk->p_subpackets[ j ] )
                  block_Release( tk->p_subpackets[ j ] );
          }
@@ -20,10 +18,10 @@ index dee5b52..e3b6a07 100644
 -        }
 +        free( tk->p_subpackets );
 +        free( tk->p_subpackets_timecode );
-         if( tk->p_sipr_packet )
-             block_Release( tk->p_sipr_packet );
          free( tk );
-@@ -637,6 +634,11 @@ static void DemuxAudioMethod1( demux_t *p_demux, real_track_t *tk, mtime_t i_pts
+     }
+     if( p_sys->i_track > 0 )
+@@ -631,6 +628,11 @@
  
          for( int i = 0; i < i_num; i++ )
          {
@@ -35,7 +33,7 @@ index dee5b52..e3b6a07 100644
              block_t *p_block = block_New( p_demux, tk->i_subpacket_size );
              if( !p_block )
                  return;
-@@ -649,9 +651,6 @@ static void DemuxAudioMethod1( demux_t *p_demux, real_track_t *tk, mtime_t i_pts
+@@ -643,9 +645,6 @@
  
              p_buf += tk->i_subpacket_size;
  
@@ -45,7 +43,7 @@ index dee5b52..e3b6a07 100644
              if( tk->p_subpackets[i_index] != NULL )
              {
                  msg_Dbg(p_demux, "p_subpackets[ %d ] not null!",  i_index );
-@@ -671,14 +670,16 @@ static void DemuxAudioMethod1( demux_t *p_demux, real_track_t *tk, mtime_t i_pts
+@@ -665,14 +664,16 @@
  
          for( int i = 0; i < tk->i_subpacket_h / 2; i++ )
          {
@@ -63,4 +61,4 @@ index dee5b52..e3b6a07 100644
 -
              memcpy( p_block->p_buffer, p_buf, tk->i_coded_frame_size );
              p_block->i_dts =
-             p_block->i_pts = i_index == 0 ? i_pts : VLC_TS_INVALID;
+             p_block->i_pts = i_index == 0 ? i_pts : 0;

-- 
VLC media player packaging

More information about the pkg-multimedia-commits mailing list