1 files changed, 32 insertions, 0 deletions

diff --git a/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-smackerdec-Check-that-the-last-indexes-are-within-th.patch b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-smackerdec-Check-that-the-last-indexes-are-within-th.patch
new file mode 100644
index 0000000000..15b161469c
--- /dev/null
+++ b/meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-smackerdec-Check-that-the-last-indexes-are-within-th.patch
@@ -0,0 +1,32 @@
+gst-ffmpeg: smackerdec: Check that the last indexes are within the
+ table.
+
+Fixes CVE-2011-3944
+
+Upstream-Status: Backport 
+
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+---
+ libavcodec/smacker.c |    5 +++++
+ 1 files changed, 5 insertions(+), 0 deletions(-)
+
+diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
+index 30f99b4..2a8bae8 100644
+--- a/gst-libs/ext/libav/libavcodec/smacker.c
++++ b/gst-libs/ext/libav/libavcodec/smacker.c
+@@ -259,6 +259,11 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
+     if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
+     if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
+     if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
++    if(huff.current > huff.length){
++        ctx.last[0] = ctx.last[1] = ctx.last[2] = 1;
++        av_log(smk->avctx, AV_LOG_ERROR, "bigtree damaged\n");
++        return -1;
++    }
+ 
+     *recodes = huff.values;
+ 
+-- 
+1.7.5.4
+