Your message dated Sat, 11 Apr 2009 13:55:53 +0000
with message-id <[email protected]>
and subject line Bug#509954: fixed in mpegdemux 0.1.3-1
has caused the Debian Bug report #509954,
regarding mpegdemux: integer overflow
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
509954: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=509954
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mpegdemux
Version: 0.1.2-5
Severity: important
Tags: patch
I was using mpegdemux to demux an mpeg stream I ripped from a dvd, when it
started to malloc about 4 GB of memory and trashing my system. A bit of
investigation exposed an integer overflow in mpeg_demux.c.
This patch should fix it:
[...@eleanor]/tmp/mpegdemux-0.1.2/src> diff -Naur mpeg_demux.c.orig mpeg_demux.c
diff -Naur mpeg_demux.c.orig mpeg_demux.c
--- mpeg_demux.c.orig 2008-12-27 23:53:03.340719670 +0100
+++ mpeg_demux.c 2008-12-27 23:54:17.506861997 +0100
@@ -186,6 +186,13 @@
mpegd_skip (mpeg, cnt);
}
+ if ( cnt > mpeg->packet.size )
+ {
+ fprintf( stderr, "Whoopsie, count is less than packet size\n" );
+ fprintf( stderr, "broken MPEG stream bailing out\n" );
+ exit(1);
+ }
+
cnt = mpeg->packet.size - cnt;
if ((sid == 0xbd) && par_dvdsub) {
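Review bot: The first diagnostic in the added block contradicts the condition it reports. The guard fires when cnt > mpeg->packet.size, but the message reads "count is less than packet size"; it should say the count exceeds the packet size, and printing both values would make broken streams easier to diagnose. The check is in the right place, directly before "cnt = mpeg->packet.size - cnt;", which is the subtraction that wraps. Calling exit(1) at this point aborts the whole run on a single malformed packet; if the enclosing function has a way to report failure, returning an error and letting the caller decide whether to skip the packet or stop would be the more robust choice.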
-- System Information:
Debian Release: 5.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.27.8 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages mpegdemux depends on:
ii libc6 2.7-16 GNU C Library: Shared libraries
mpegdemux recommends no packages.
mpegdemux suggests no packages.
-- no debconf information
--- End Message ---
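The wraparound described in the report above, as an added example that is not part of the original report or of mpegdemux's own code. It goes slightly beyond the patch by deriving the two values from the standard MPEG-2 PES header fields; the 32-bit unsigned types, the function names and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bytes after the 2-byte length field that precede the payload in an
   MPEG-2 PES header: 2 flag bytes + 1 header-data-length byte. */
#define PES_FIXED 3u

/* Unchecked: mirrors "cnt = size - cnt" with 32-bit unsigned operands
   (assumed types). Wraps modulo 2^32 when the header overruns the packet. */
static uint32_t payload_len_unchecked(const uint8_t *p)
{
    uint32_t size = ((uint32_t) p[0] << 8) | p[1];  /* PES_packet_length */
    uint32_t cnt = PES_FIXED + p[4];                /* header bytes consumed */
    return size - cnt;
}

/* Checked: validates before subtracting and reports the error to the
   caller. Returns 0 and sets *out on success, -1 on a malformed packet. */
static int payload_len_checked(const uint8_t *p, size_t avail, uint32_t *out)
{
    uint32_t size, cnt;

    if (avail < 5)
        return -1;                       /* truncated header */
    size = ((uint32_t) p[0] << 8) | p[1];
    cnt = PES_FIXED + p[4];
    if (cnt > size || size > avail - 2)
        return -1;                       /* header or packet overruns */
    *out = size - cnt;
    return 0;
}

/* Constructed samples: the bytes following the start code and stream id. */
static const uint8_t good_pkt[] = { 0x00, 0x08, 0x80, 0x00, 0x02, 0xAA, 0xBB, 1, 2, 3 };
static const uint8_t bad_pkt[]  = { 0x00, 0x04, 0x80, 0x00, 0x09 };

int main(void)
{
    uint32_t n = 0;
    printf("unchecked: %u\n", (unsigned) payload_len_unchecked(bad_pkt));
    printf("checked:   %d\n", payload_len_checked(bad_pkt, sizeof bad_pkt, &n));
    printf("good:      %d\n", payload_len_checked(good_pkt, sizeof good_pkt, &n));
    return 0;
}
```

For the constructed malformed packet the unchecked length is just under 4 GiB, which matches the allocation size seen in the report.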
--- Begin Message ---
Source: mpegdemux
Source-Version: 0.1.3-1
We believe that the bug you reported is fixed in the latest version of
mpegdemux, which is due to be installed in the Debian FTP archive:
mpegdemux_0.1.3-1.diff.gz
to pool/main/m/mpegdemux/mpegdemux_0.1.3-1.diff.gz
mpegdemux_0.1.3-1.dsc
to pool/main/m/mpegdemux/mpegdemux_0.1.3-1.dsc
mpegdemux_0.1.3-1_powerpc.deb
to pool/main/m/mpegdemux/mpegdemux_0.1.3-1_powerpc.deb
mpegdemux_0.1.3.orig.tar.gz
to pool/main/m/mpegdemux/mpegdemux_0.1.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Santiago Vila <[email protected]> (supplier of updated mpegdemux package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 11 Apr 2009 15:32:40 +0200
Source: mpegdemux
Binary: mpegdemux
Architecture: source powerpc
Version: 0.1.3-1
Distribution: unstable
Urgency: low
Maintainer: Santiago Vila <[email protected]>
Changed-By: Santiago Vila <[email protected]>
Description:
mpegdemux - MPEG1/2 system stream demultiplexer
Closes: 509954
Changes:
mpegdemux (0.1.3-1) unstable; urgency=low
.
* New upstream release.
* Added debian/watch, fixes lintian warning.
* Added packet size check and clarified manpage. Closes: #509954.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ4J9td9Uuvj7yPNYRAs1/AJ9yEabVeu3dXB+bFH5nZ5JGShhi2gCg1ckH
1rcZ0Oa4YWU+aaH50weIbQc=
=paJI
-----END PGP SIGNATURE-----
--- End Message ---