[SCM] vlc/lucid: AVI: fix heap buffer overflow (CVE-2011-2588)

bdrung at users.alioth.debian.org bdrung at users.alioth.debian.org
Mon Jul 18 14:58:56 UTC 2011 

The following commit has been merged in the lucid branch:
commit 09cd23b884259c68c9a94686cb897e298fb06736
Author: Benjamin Drung <bdrung at debian.org>
Date:   Mon Jul 18 16:14:34 2011 +0200

    AVI: fix heap buffer overflow (CVE-2011-2588)

diff --git a/debian/patches/CVE-2011-2588.patch b/debian/patches/CVE-2011-2588.patch
new file mode 100644
index 0000000..bc8adb1
--- /dev/null
+++ b/debian/patches/CVE-2011-2588.patch
@@ -0,0 +1,29 @@
+From: Rémi Denis-Courmont <remi at remlab.net>
+Subject: [PATCH 2/2] AVI: fix heap buffer overflow (CVE-2011-2588)
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=6953ce0862161d09c2b7ca8686a550527a11b9a2
+
+---
+ modules/demux/avi/libavi.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/modules/demux/avi/libavi.c
++++ b/modules/demux/avi/libavi.c
+@@ -384,7 +384,8 @@
+         case( AVIFOURCC_vids ):
+             p_strh->strh.i_samplesize = 0; /* XXX for ffmpeg avi file */
+             p_chk->strf.vids.i_cat = VIDEO_ES;
+-            p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size );
++            p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,
++                                         sizeof( *p_chk->strf.vids.p_bih ) ) );
+             AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize );
+             AVI_READ4BYTES( p_chk->strf.vids.p_bih->biWidth );
+             AVI_READ4BYTES( p_chk->strf.vids.p_bih->biHeight );
+@@ -400,7 +401,7 @@
+             {
+                 p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size;
+             }
+-            if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 )
++            if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) )
+             {
+                 memcpy( &p_chk->strf.vids.p_bih[1],
+                         p_buff + 8 + sizeof(BITMAPINFOHEADER), /* 8=fourrc+size */
diff --git a/debian/patches/series b/debian/patches/series
index d1b5d19..b4d38b2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,3 +23,4 @@ mkv-input-validation.diff
 CVE-2010-327x.patch
 CVE-2011-1684.patch
 fix-xspf-integer-overflow.patch
+CVE-2011-2588.patch

-- 
VLC media player packaging

More information about the pkg-multimedia-commits mailing list