[SCM] vlc/squeeze: AVI: fix heap buffer overflow (CVE-2011-2588)
xtophe-guest at users.alioth.debian.org
xtophe-guest at users.alioth.debian.org
Fri Jul 29 22:58:32 UTC 2011
The following commit has been merged in the squeeze branch:
commit a57c07aa0293f8dc23c3f806d8c2517e996c3752
Author: Benjamin Drung <bdrung at debian.org>
Date: Mon Jul 18 15:43:40 2011 +0200
AVI: fix heap buffer overflow (CVE-2011-2588)
Signed-off-by: Christophe Mutricy <xtophe at chewa.net>
diff --git a/debian/patches/CVE-2011-2588.patch b/debian/patches/CVE-2011-2588.patch
new file mode 100644
index 0000000..bc8adb1
--- /dev/null
+++ b/debian/patches/CVE-2011-2588.patch
@@ -0,0 +1,29 @@
+From: Rémi Denis-Courmont <remi at remlab.net>
+Subject: [PATCH 2/2] AVI: fix heap buffer overflow (CVE-2011-2588)
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=6953ce0862161d09c2b7ca8686a550527a11b9a2
+
+---
+ modules/demux/avi/libavi.c | 5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/modules/demux/avi/libavi.c
++++ b/modules/demux/avi/libavi.c
+@@ -384,7 +384,8 @@
+ case( AVIFOURCC_vids ):
+ p_strh->strh.i_samplesize = 0; /* XXX for ffmpeg avi file */
+ p_chk->strf.vids.i_cat = VIDEO_ES;
+- p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size );
++ p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,
++ sizeof( *p_chk->strf.vids.p_bih ) ) );
+ AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize );
+ AVI_READ4BYTES( p_chk->strf.vids.p_bih->biWidth );
+ AVI_READ4BYTES( p_chk->strf.vids.p_bih->biHeight );
+@@ -400,7 +401,7 @@
+ {
+ p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size;
+ }
+- if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 )
++ if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) )
+ {
+ memcpy( &p_chk->strf.vids.p_bih[1],
+ p_buff + 8 + sizeof(BITMAPINFOHEADER), /* 8=fourrc+size */
diff --git a/debian/patches/series b/debian/patches/series
index 4399984..af3643c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ CVE-2010-3275-CVE-2010-3276.diff
debian-changes-1.1.3-1squeeze5
CVE-2011-2194.diff
CVE-2011-2587.patch
+CVE-2011-2588.patch
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list