[SCM] vlc/master: Also apply patch for CVE-2017-9300

sramacher at users.alioth.debian.org sramacher at users.alioth.debian.org
Tue Jul 11 20:00:30 UTC 2017


The following commit has been merged in the master branch:
commit 90e75d7e74e973e63a45dd13e491c4f9281ff4df
Author: Sebastian Ramacher <sramacher at debian.org>
Date:   Tue Jul 11 21:12:17 2017 +0200

    Also apply patch for CVE-2017-9300

diff --git a/debian/patches/0011-Fix-CVE-2017-10699.patch b/debian/patches/0011-codec-avcodec-check-avcodec-visible-sizes.patch
similarity index 84%
rename from debian/patches/0011-Fix-CVE-2017-10699.patch
rename to debian/patches/0011-codec-avcodec-check-avcodec-visible-sizes.patch
index ed21b37..9955126 100644
--- a/debian/patches/0011-Fix-CVE-2017-10699.patch
+++ b/debian/patches/0011-codec-avcodec-check-avcodec-visible-sizes.patch
@@ -1,7 +1,6 @@
-From 6cc73bcad19da2cd2e95671173f2e0d203a57e9b Mon Sep 17 00:00:00 2001
 From: Francois Cartegnie <fcvlcdev at free.fr>
 Date: Thu, 29 Jun 2017 09:45:20 +0200
-Subject: [PATCH] codec: avcodec: check avcodec visible sizes
+Subject: codec: avcodec: check avcodec visible sizes
 
 refs #18467
 ---
@@ -9,7 +8,7 @@ refs #18467
  1 file changed, 4 insertions(+), 2 deletions(-)
 
 diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
-index 1bcad21ad2..ce5254423e 100644
+index a19e7f6..b8b713f 100644
 --- a/modules/codec/avcodec/video.c
 +++ b/modules/codec/avcodec/video.c
 @@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
@@ -26,6 +25,3 @@ index 1bcad21ad2..ce5254423e 100644
          return NULL; /* invalid display size */
      }
      p_dec->fmt_out.video.i_width = width;
--- 
-2.11.0
-
diff --git a/debian/patches/0012-Fix-CVE-2017-10699.patch b/debian/patches/0012-decoder-check-visible-size-when-creating-buffer.patch
similarity index 82%
rename from debian/patches/0012-Fix-CVE-2017-10699.patch
rename to debian/patches/0012-decoder-check-visible-size-when-creating-buffer.patch
index 47dd292..9601a20 100644
--- a/debian/patches/0012-Fix-CVE-2017-10699.patch
+++ b/debian/patches/0012-decoder-check-visible-size-when-creating-buffer.patch
@@ -1,7 +1,6 @@
-From a38a85db58c569cc592d9380cc07096757ef3d49 Mon Sep 17 00:00:00 2001
 From: Francois Cartegnie <fcvlcdev at free.fr>
 Date: Thu, 29 Jun 2017 11:09:02 +0200
-Subject: [PATCH] decoder: check visible size when creating buffer
+Subject: decoder: check visible size when creating buffer
 
 early reject invalid visible size
 mishandled by filters.
@@ -12,7 +11,7 @@ refs #18467
  1 file changed, 3 insertions(+), 1 deletion(-)
 
 diff --git a/src/input/decoder.c b/src/input/decoder.c
-index 2c0823feb5..a216165272 100644
+index 9f7dc18..cfc15ed 100644
 --- a/src/input/decoder.c
 +++ b/src/input/decoder.c
 @@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decoder_t *p_dec )
@@ -26,6 +25,3 @@ index 2c0823feb5..a216165272 100644
          {
              /* Can't create a new vout without display size */
              return NULL;
--- 
-2.11.0
-
diff --git a/debian/patches/0013-codec-flac-fix-heap-write-overflow-on-frame-format-c.patch b/debian/patches/0013-codec-flac-fix-heap-write-overflow-on-frame-format-c.patch
new file mode 100644
index 0000000..253a3f0
--- /dev/null
+++ b/debian/patches/0013-codec-flac-fix-heap-write-overflow-on-frame-format-c.patch
@@ -0,0 +1,154 @@
+From: Francois Cartegnie <fcvlcdev at free.fr>
+Date: Wed, 31 May 2017 13:02:29 +0200
+Subject: codec: flac: fix heap write overflow on frame format change
+
+bp of 83b646f1e8fb89f99064d9aaef3754ccc77bbeac
+---
+ modules/codec/flac.c | 92 +++++++++++++++++++++++++++++++++++-----------------
+ 1 file changed, 63 insertions(+), 29 deletions(-)
+
+diff --git a/modules/codec/flac.c b/modules/codec/flac.c
+index 8ab1cb4..8cb1222 100644
+--- a/modules/codec/flac.c
++++ b/modules/codec/flac.c
+@@ -64,6 +64,8 @@ struct decoder_sys_t
+      */
+     FLAC__StreamDecoder *p_flac;
+     FLAC__StreamMetadata_StreamInfo stream_info;
++
++    uint8_t rgi_channels_reorder[AOUT_CHAN_MAX];
+     bool b_stream_info;
+ };
+ 
+@@ -87,6 +89,19 @@ static const int pi_channels_maps[9] =
+      | AOUT_CHAN_LFE
+ };
+ 
++/* XXX it supposes our internal format is WG4 */
++static const uint8_t ppi_reorder[1+8][8] = {
++    { },
++    { 0, },
++    { 0, 1 },
++    { 0, 1, 2 },
++    { 0, 1, 2, 3 },
++    { 0, 1, 3, 4, 2 },
++    { 0, 1, 4, 5, 2, 3 },
++    { 0, 1, 5, 6, 4, 2, 3 },
++    { 0, 1, 6, 7, 4, 5, 2, 3 },
++};
++
+ /*****************************************************************************
+  * Local prototypes
+  *****************************************************************************/
+@@ -143,6 +158,29 @@ static void Interleave( int32_t *p_out, const int32_t * const *pp_in,
+ }
+ 
+ /*****************************************************************************
++ * DecoderSetOutputFormat: helper function to convert and check frame format
++ *****************************************************************************/
++static int DecoderSetOutputFormat( unsigned i_channels, unsigned i_rate,
++                                   unsigned i_streaminfo_rate,
++                                   unsigned i_bitspersample,
++                                   audio_format_t *fmt,
++                                   uint8_t *pi_channels_reorder )
++{
++    if( i_channels == 0 || i_channels > FLAC__MAX_CHANNELS ||
++        i_bitspersample == 0 || (i_rate == 0 && i_streaminfo_rate == 0) )
++        return VLC_EGENERIC;
++
++    fmt->i_channels = i_channels;
++    fmt->i_rate = (i_rate > 0 ) ? i_rate : i_streaminfo_rate;
++    fmt->i_physical_channels =
++    fmt->i_original_channels = pi_channels_maps[i_channels];
++    memcpy( pi_channels_reorder, ppi_reorder[i_channels], i_channels );
++    fmt->i_bitspersample = i_bitspersample;
++
++    return VLC_SUCCESS;
++}
++
++/*****************************************************************************
+  * DecoderWriteCallback: called by libflac to output decoded samples
+  *****************************************************************************/
+ static FLAC__StreamDecoderWriteStatus
+@@ -150,30 +188,31 @@ DecoderWriteCallback( const FLAC__StreamDecoder *decoder,
+                       const FLAC__Frame *frame,
+                       const FLAC__int32 *const buffer[], void *client_data )
+ {
+-    /* XXX it supposes our internal format is WG4 */
+-    static const unsigned char ppi_reorder[1+8][8] = {
+-        { },
+-        { 0, },
+-        { 0, 1 },
+-        { 0, 1, 2 },
+-        { 0, 1, 2, 3 },
+-        { 0, 1, 3, 4, 2 },
+-        { 0, 1, 4, 5, 2, 3 },
+-        { 0, 1, 5, 6, 4, 2, 3 },
+-        { 0, 1, 6, 7, 4, 5, 2, 3 },
+-    };
+-
+     VLC_UNUSED(decoder);
+     decoder_t *p_dec = (decoder_t *)client_data;
+     decoder_sys_t *p_sys = p_dec->p_sys;
+ 
+-    if( p_dec->fmt_out.audio.i_channels <= 0 ||
+-        p_dec->fmt_out.audio.i_channels > 8 )
++    if( DecoderSetOutputFormat( frame->header.channels,
++                                frame->header.sample_rate,
++                                p_sys->b_stream_info ? p_sys->stream_info.sample_rate : 0,
++                                frame->header.bits_per_sample,
++                                &p_dec->fmt_out.audio,
++                                p_sys->rgi_channels_reorder ) )
+         return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
+-    if( date_Get( &p_sys->end_date ) <= VLC_TS_INVALID )
++
++    if( p_sys->end_date.i_divider_num != p_dec->fmt_out.audio.i_rate )
++    {
++        if( p_sys->end_date.i_divider_num > 0 )
++            date_Change( &p_sys->end_date, p_dec->fmt_out.audio.i_rate, 1 );
++        else
++            date_Init( &p_sys->end_date, p_dec->fmt_out.audio.i_rate, 1 );
++    }
++
++    if( decoder_UpdateAudioFormat( p_dec ) )
+         return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
+ 
+-    const unsigned char *pi_reorder = ppi_reorder[p_dec->fmt_out.audio.i_channels];
++    if( date_Get( &p_sys->end_date ) <= VLC_TS_INVALID )
++        return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
+ 
+     p_sys->p_aout_buffer =
+         decoder_NewAudioBuffer( p_dec, frame->header.blocksize );
+@@ -181,7 +220,8 @@ DecoderWriteCallback( const FLAC__StreamDecoder *decoder,
+     if( p_sys->p_aout_buffer == NULL )
+         return FLAC__STREAM_DECODER_WRITE_STATUS_CONTINUE;
+ 
+-    Interleave( (int32_t *)p_sys->p_aout_buffer->p_buffer, buffer, pi_reorder,
++    Interleave( (int32_t *)p_sys->p_aout_buffer->p_buffer, buffer,
++                 p_sys->rgi_channels_reorder ,
+                  frame->header.channels, frame->header.blocksize,
+                  frame->header.bits_per_sample );
+ 
+@@ -233,17 +273,11 @@ static void DecoderMetadataCallback( const FLAC__StreamDecoder *decoder,
+     decoder_sys_t *p_sys = p_dec->p_sys;
+ 
+     /* Setup the format */
+-    p_dec->fmt_out.audio.i_rate     = metadata->data.stream_info.sample_rate;
+-    p_dec->fmt_out.audio.i_channels = metadata->data.stream_info.channels;
+-    if(metadata->data.stream_info.channels < 9)
+-    {
+-    	p_dec->fmt_out.audio.i_physical_channels =
+-        p_dec->fmt_out.audio.i_original_channels =
+-            pi_channels_maps[metadata->data.stream_info.channels];
+-    }
+-    if (!p_dec->fmt_out.audio.i_bitspersample)
+-        p_dec->fmt_out.audio.i_bitspersample =
+-            metadata->data.stream_info.bits_per_sample;
++    DecoderSetOutputFormat( metadata->data.stream_info.channels,
++                            metadata->data.stream_info.sample_rate,
++                            metadata->data.stream_info.sample_rate,
++                            metadata->data.stream_info.bits_per_sample,
++                            &p_dec->fmt_out.audio, p_sys->rgi_channels_reorder );
+ 
+     msg_Dbg( p_dec, "channels:%d samplerate:%d bitspersamples:%d",
+              p_dec->fmt_out.audio.i_channels, p_dec->fmt_out.audio.i_rate,
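Review bot: In DecoderSetOutputFormat the channel count is bounded by `FLAC__MAX_CHANNELS`, but the objects that bound protects are sized independently: `pi_channels_maps[9]`, `ppi_reorder[1+8][8]`, and the `rgi_channels_reorder[AOUT_CHAN_MAX]` destination of the `memcpy`. Neither macro's value is visible in this patch, so the protection against out-of-bounds access rests on an unstated assumption; a compile-time check beside the table would pin it, e.g. `_Static_assert( FLAC__MAX_CHANNELS <= 8 && FLAC__MAX_CHANNELS <= AOUT_CHAN_MAX, "FLAC channel tables too small" );` or the tree's own equivalent. Separately, DecoderMetadataCallback discards the helper's return value, so when STREAMINFO is rejected the following `msg_Dbg` prints whatever `fmt_out.audio` held before; checking the result and logging the rejection would make that case visible. Both callbacks continue outside the embedded hunks, so how the rest of their bodies uses these fields cannot be confirmed from here.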
diff --git a/debian/patches/series b/debian/patches/series
index 37aeeee..8733a55 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -8,5 +8,6 @@
 0008-desktop-file-We-understand-gvp-and-ram-format.patch
 0009-desktop-file-more-mimetypes-from-iana.org.patch
 0010-MKV-support-WebVTT-subtitles-embedded.patch
-0011-Fix-CVE-2017-10699.patch
-0012-Fix-CVE-2017-10699.patch
+0011-codec-avcodec-check-avcodec-visible-sizes.patch
+0012-decoder-check-visible-size-when-creating-buffer.patch
+0013-codec-flac-fix-heap-write-overflow-on-frame-format-c.patch

-- 
VLC media player packaging


