[SCM] vlc/squeeze: Fix heap corruption in some XML based subtitles decoder

xtophe-guest at users.alioth.debian.org xtophe-guest at users.alioth.debian.org
Sun Jan 23 22:05:29 UTC 2011 

The following commit has been merged in the squeeze branch:
commit c3eba3cefc06efde836c1a1d92f8e760b2626c7b
Author: Christophe Mutricy <xtophe at chewa.net>
Date:   Sun Jan 23 20:46:32 2011 +0000

    Fix heap corruption in some XML based subtitles decoder
    
    Patch taken from upstream
    
    Thanks: Harry Sintonen

diff --git a/debian/patches/series b/debian/patches/series
index f6b5eb4..5213288 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -5,3 +5,4 @@
 503_autoreconf.diff
 CVE-2010-3907.diff
 cdg-heap-overflow.diff
+xml-heap-corruption.diff
diff --git a/debian/patches/xml-heap-corruption.diff b/debian/patches/xml-heap-corruption.diff
new file mode 100644
index 0000000..08a70db
--- /dev/null
+++ b/debian/patches/xml-heap-corruption.diff
@@ -0,0 +1,33 @@
+Author: Harry Sintonen <sintonen at iki.fi>
+Date:   Mon Jan 17 00:47:58 2011 +0200
+Subject: Handle early termination properly in StripTags
+Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=dc14617f39c03bbe80c3cc4f92799dca840966eb
+
+diff --git a/modules/codec/subtitles/subsdec.c b/modules/codec/subtitles/subsdec.c
+index 5c55a6e..bfdbb13 100644
+--- a/modules/codec/subtitles/subsdec.c
++++ b/modules/codec/subtitles/subsdec.c
+@@ -632,6 +632,9 @@ static char *StripTags( char *psz_subtitle )
+             *psz_text++ = *psz_subtitle;
+         }
+ 
++        /* Security fix: Account for the case where input ends early */
++        if( *psz_subtitle == '\0' ) break;
++
+         psz_subtitle++;
+     }
+     *psz_text = '\0';
+diff --git a/modules/codec/subtitles/subsusf.c b/modules/codec/subtitles/subsusf.c
+index 5754137..fc1cf07 100644
+--- a/modules/codec/subtitles/subsusf.c
++++ b/modules/codec/subtitles/subsusf.c
+@@ -1081,6 +1081,9 @@ static char *StripTags( char *psz_subtitle )
+             *psz_text++ = *psz_subtitle;
+         }
+ 
++        /* Security fix: Account for the case where input ends early */
++        if( *psz_subtitle == '\0' ) break;
++
+         psz_subtitle++;
+     }
+     *psz_text = '\0';

-- 
VLC media player packaging

More information about the pkg-multimedia-commits mailing list