[SCM] vlc/lucid: Backport CVE-2010-3907 patch to lucid.
bdrung at users.alioth.debian.org
bdrung at users.alioth.debian.org
Thu Dec 30 00:29:14 UTC 2010
The following commit has been merged in the lucid branch:
commit 3a5c44ede7757a8762ffb945e6ce35dd869265fd
Author: Benjamin Drung <bdrung at ubuntu.com>
Date: Thu Dec 30 01:14:09 2010 +0100
Backport CVE-2010-3907 patch to lucid.
diff --git a/debian/patches/CVE-2010-3907.diff b/debian/patches/CVE-2010-3907.diff
index 4899043..775c69c 100644
--- a/debian/patches/CVE-2010-3907.diff
+++ b/debian/patches/CVE-2010-3907.diff
@@ -3,13 +3,11 @@ Subject: Real: fix heap buffer overflow (CVE-2010-3907)
we cannot use the array, but we still have to free it (calloc(0)).
Author: Rémi Denis-Courmont <remi at remlab.net>
Bug-Ubuntu: https://launchpad.net/bugs/690173
-Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=5264082844c1deb05585c245525fd55f9a9cab41
+Origin: backport, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=5264082844c1deb05585c245525fd55f9a9cab41
-diff --git a/modules/demux/real.c b/modules/demux/real.c
-index dee5b52..e3b6a07 100644
--- a/modules/demux/real.c
+++ b/modules/demux/real.c
-@@ -252,11 +252,8 @@ static void Close( vlc_object_t *p_this )
+@@ -247,11 +247,8 @@
if( tk->p_subpackets[ j ] )
block_Release( tk->p_subpackets[ j ] );
}
@@ -20,10 +18,10 @@ index dee5b52..e3b6a07 100644
- }
+ free( tk->p_subpackets );
+ free( tk->p_subpackets_timecode );
- if( tk->p_sipr_packet )
- block_Release( tk->p_sipr_packet );
free( tk );
-@@ -637,6 +634,11 @@ static void DemuxAudioMethod1( demux_t *p_demux, real_track_t *tk, mtime_t i_pts
+ }
+ if( p_sys->i_track > 0 )
+@@ -631,6 +628,11 @@
for( int i = 0; i < i_num; i++ )
{
@@ -35,7 +33,7 @@ index dee5b52..e3b6a07 100644
block_t *p_block = block_New( p_demux, tk->i_subpacket_size );
if( !p_block )
return;
-@@ -649,9 +651,6 @@ static void DemuxAudioMethod1( demux_t *p_demux, real_track_t *tk, mtime_t i_pts
+@@ -643,9 +645,6 @@
p_buf += tk->i_subpacket_size;
@@ -45,7 +43,7 @@ index dee5b52..e3b6a07 100644
if( tk->p_subpackets[i_index] != NULL )
{
msg_Dbg(p_demux, "p_subpackets[ %d ] not null!", i_index );
-@@ -671,14 +670,16 @@ static void DemuxAudioMethod1( demux_t *p_demux, real_track_t *tk, mtime_t i_pts
+@@ -665,14 +664,16 @@
for( int i = 0; i < tk->i_subpacket_h / 2; i++ )
{
@@ -63,4 +61,4 @@ index dee5b52..e3b6a07 100644
-
memcpy( p_block->p_buffer, p_buf, tk->i_coded_frame_size );
p_block->i_dts =
- p_block->i_pts = i_index == 0 ? i_pts : VLC_TS_INVALID;
+ p_block->i_pts = i_index == 0 ? i_pts : 0;
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list