[SCM] vlc/squeeze: AVI: fix heap buffer overflow (CVE-2011-2588)

xtophe-guest at users.alioth.debian.org xtophe-guest at users.alioth.debian.org
Fri Jul 29 22:58:32 UTC 2011


The following commit has been merged in the squeeze branch:
commit a57c07aa0293f8dc23c3f806d8c2517e996c3752
Author: Benjamin Drung <bdrung at debian.org>
Date:   Mon Jul 18 15:43:40 2011 +0200

    AVI: fix heap buffer overflow (CVE-2011-2588)
    
    Signed-off-by: Christophe Mutricy <xtophe at chewa.net>

diff --git a/debian/patches/CVE-2011-2588.patch b/debian/patches/CVE-2011-2588.patch
new file mode 100644
index 0000000..bc8adb1
--- /dev/null
+++ b/debian/patches/CVE-2011-2588.patch
@@ -0,0 +1,29 @@
+From: Rémi Denis-Courmont <remi at remlab.net>
+Subject: [PATCH 2/2] AVI: fix heap buffer overflow (CVE-2011-2588)
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=6953ce0862161d09c2b7ca8686a550527a11b9a2
+
+---
+ modules/demux/avi/libavi.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+--- a/modules/demux/avi/libavi.c
++++ b/modules/demux/avi/libavi.c
+@@ -384,7 +384,8 @@
+         case( AVIFOURCC_vids ):
+             p_strh->strh.i_samplesize = 0; /* XXX for ffmpeg avi file */
+             p_chk->strf.vids.i_cat = VIDEO_ES;
+-            p_chk->strf.vids.p_bih = malloc( p_chk->common.i_chunk_size );
++            p_chk->strf.vids.p_bih = malloc( __MAX( p_chk->common.i_chunk_size,
++                                         sizeof( *p_chk->strf.vids.p_bih ) ) );
+             AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize );
+             AVI_READ4BYTES( p_chk->strf.vids.p_bih->biWidth );
+             AVI_READ4BYTES( p_chk->strf.vids.p_bih->biHeight );
+@@ -400,7 +401,7 @@
+             {
+                 p_chk->strf.vids.p_bih->biSize = p_chk->common.i_chunk_size;
+             }
+-            if( p_chk->common.i_chunk_size - sizeof(BITMAPINFOHEADER) > 0 )
++            if( p_chk->common.i_chunk_size > sizeof(BITMAPINFOHEADER) )
+             {
+                 memcpy( &p_chk->strf.vids.p_bih[1],
+                         p_buff + 8 + sizeof(BITMAPINFOHEADER), /* 8=fourrc+size */
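Review bot: In the `AVIFOURCC_vids` case the pointer returned by `malloc( __MAX( ... ) )` is written through on the very next line by `AVI_READ4BYTES( p_chk->strf.vids.p_bih->biSize )`, with no NULL test between them in the patch context. If the allocation fails (`i_chunk_size` is presumably taken from the file and may be large), that becomes a NULL-pointer write instead of a clean parse error. I would add `if( p_chk->strf.vids.p_bih == NULL )` directly after the allocation and leave through the function's existing error/cleanup path, which lies outside the lines shown here. The size floor keeps the header field stores inside the allocation, but whether the reads from the input buffer stay within a chunk shorter than `sizeof(BITMAPINFOHEADER)` depends on how `AVI_READ4BYTES` is defined, which the patch does not show, so that is worth confirming. A short comment on the allocation, such as `/* never allocate less than the header: the fields below are always written */`, would record why `__MAX` is there.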
diff --git a/debian/patches/series b/debian/patches/series
index 4399984..af3643c 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -11,3 +11,4 @@ CVE-2010-3275-CVE-2010-3276.diff
 debian-changes-1.1.3-1squeeze5
 CVE-2011-2194.diff
 CVE-2011-2587.patch
+CVE-2011-2588.patch

-- 
VLC media player packaging


