Bug#507165: patch

2008-12-26 Thread sean finney
tags 507165 patch
thanks

attached is what i believe is a patch for this problem against the version
in unstable.  i haven't tested this yet, but it looks very straightforward...
review appreciated in any event.

i'm rolling this along with the patch for the CVE-2008-5234 into an
upcoming nmu.


sean
-- 
--- old/src/demuxers/demux_qt.c	2008-12-26 20:20:39.0 +0100
+++ good/src/demuxers/demux_qt.c	2008-12-26 20:26:32.0 +0100
@@ -947,10 +947,18 @@
 
   /* allocate space for each of the properties unions */
   trak-stsd_atoms_count = _X_BE_32(trak_atom[i + 8]);
-  trak-stsd_atoms = calloc(trak-stsd_atoms_count, sizeof(properties_t));
-  if (!trak-stsd_atoms) {
-last_error = QT_NO_MEMORY;
+  /* add sanity check on user-supplied data */
+  if(trak-stsd_atoms_count = 0) {
+last_error = QT_NOT_A_VALID_FILE;
+trak-stsd_atoms_count = 0;
+trak-stsd_atoms = NULL;
 goto free_trak;
+  } else {
+trak-stsd_atoms = calloc(trak-stsd_atoms_count, sizeof(properties_t));
+if (!trak-stsd_atoms) {
+  last_error = QT_NO_MEMORY;
+  goto free_trak;
+}
   }
 
   atom_pos = i + 0x10;
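
Review bot: The new sanity check on `stsd_atoms_count` has no upper bound: the value comes straight from the file via `_X_BE_32(trak_atom[i + 8])`, and any non-rejected count still goes to `calloc(..., sizeof(properties_t))`. A very large count can therefore still force an oversized allocation, and whatever iterates over the count after `atom_pos = i + 0x10;` is not constrained by the size of the atom. Suggest also rejecting counts that cannot fit in the bytes remaining in the stsd atom. Separately, the condition as it appears here, `if(trak-stsd_atoms_count = 0)`, reads as an assignment rather than a comparison (the archive looks to have dropped characters, as in `trak-stsd_atoms`). Please confirm the intended operator against the attached file, and note that if the field is unsigned a `<= 0` test only ever rejects zero.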




Bug#507165: patch

2008-12-26 Thread Darren Salt
I demand that sean finney may or may not have written...

> attached is what i believe is a patch for this problem against the version
> in unstable.  i haven't tested this yet, but it looks very
> straightforward... review appreciated in any event.
>
> i'm rolling this along with the patch for the CVE-2008-5234 into an
> upcoming nmu.

Not needed.

We already have a patch which, along with some others, is waiting for review
before I commit them, release 1.1.16 then backport the patches for lenny.

[m-f-t set]

-- 
| Darren Salt| linux or ds at  | nr. Ashington, | Toon
| RISC OS, Linux | youmustbejoking,demon,co,uk | Northumberland | Army
| + Generate power using sun, wind, water, nuclear.  FORGET COAL AND OIL.

The tigers of wrath are wiser than the horses of instruction.


