blob: 5dda4cca2817a76c1cf6b48cf06a793d092b0c02 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Wed, 13 May 2015 16:30:53 +0800
Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603
Upstream-Status: Backport
Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c
and vmdvideo.c. Becuase source code changes, just partly backport commit which
is applicable to version 0.10.13 to fix CVE-2014-9603.
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
gst-libs/ext/libav/libavcodec/vmdav.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/gst-libs/ext/libav/libavcodec/vmdav.c b/gst-libs/ext/libav/libavcodec/vmdav.c
index d258252..ba88ad8 100644
--- a/gst-libs/ext/libav/libavcodec/vmdav.c
+++ b/gst-libs/ext/libav/libavcodec/vmdav.c
@@ -294,10 +294,13 @@ static void vmd_decode(VmdVideoContext *s)
len = *pb++;
if (len & 0x80) {
len = (len & 0x7F) + 1;
- if (*pb++ == 0xFF)
+ if (*pb++ == 0xFF) {
len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs);
- else
+ } else {
+ if (ofs + len > frame_width)
+ return;
memcpy(&dp[ofs], pb, len);
+ }
pb += len;
ofs += len;
} else {
--
1.9.1
|
