[SCM] mplayer/master: Add CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer overflow parsing gif files. (Closes: #823723)

mati75-guest at users.alioth.debian.org mati75-guest at users.alioth.debian.org
Sun May 8 18:35:08 UTC 2016 

The following commit has been merged in the master branch:
commit 0e4955c6fb56ea86fd6fa26b20923fcdcf61a8ee
Author: Mateusz Łukasik <mati75 at linuxmint.pl>
Date:   Sun May 8 20:35:26 2016 +0200

    Add CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer overflow parsing gif files. (Closes: #823723)

diff --git a/debian/changelog b/debian/changelog
index 278dc58..f4252dd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ mplayer (2:1.3.0-2) UNRELEASED; urgency=medium
   * debian/control:
     - Add transitional package mplayer2 for upgrades from jessie Jessie.
     (Closes: #823589)
+  * debian/patches:
+    - Add CVE-2016-4352.patch to fix CVE-2016-4352 - Mplayer/Mencoder integer 
+     overflow parsing gif files. (Closes: #823723)
 
  -- Mateusz Łukasik <mati75 at linuxmint.pl>  Sun, 08 May 2016 20:19:11 +0200
 
diff --git a/debian/patches/CVE-2016-4352.patch b/debian/patches/CVE-2016-4352.patch
new file mode 100644
index 0000000..cfcee47
--- /dev/null
+++ b/debian/patches/CVE-2016-4352.patch
@@ -0,0 +1,26 @@
+Description: Validate image size in demux_gif
+
+Fixes crash with -vo null and overflow.gif
+Reported by Gustavo Grieco
+Debian-Bug: https://bugs.debian.org/823723
+
+--- a/libmpdemux/demux_gif.c
++++ b/libmpdemux/demux_gif.c
+@@ -265,6 +265,17 @@
+     return NULL;
+   }
+ 
++  // Validate image size, most code in this demuxer assumes w*h <= INT_MAX
++  if ((int64_t)gif->SWidth * gif->SHeight > INT_MAX) {
++    mp_msg(MSGT_DEMUX, MSGL_ERR,
++           "[demux_gif] Unsupported picture size %dx%d.\n", gif->SWidth,
++           gif->SHeight);
++    if (DGifCloseFile(gif) == GIF_ERROR)
++      PrintGifError();
++    free(priv);
++    return NULL;
++  }
++
+   // create a new video stream header
+   sh_video = new_sh_video(demuxer, 0);
+ 
diff --git a/debian/patches/series b/debian/patches/series
index 9fea944..f4f96be 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -3,3 +3,4 @@
 #0200_Hurd_PATH_MAX.patch
 0201_PATH_MAX_HURD.patch
 0003_fix_spelling_error_in_binary.patch
+CVE-2016-4352.patch

-- 
mplayer packaging

More information about the pkg-multimedia-commits mailing list