vlc/vlc-2.2 | branch: master | Jean-Baptiste Kempf <[email protected]> | Tue Dec 6 16:30:36 2016 +0100| [fd409b86d82f27cd6626bc22730b87f9d57407bb] | committer: Jean-Baptiste Kempf
Contribs: fix libavcodec xwd crash Close #17418 > http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=fd409b86d82f27cd6626bc22730b87f9d57407bb --- contrib/src/ffmpeg/rules.mak | 1 + ...-8431629dd112874293380a6d8a852459fc1a76b6.patch | 31 ++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/contrib/src/ffmpeg/rules.mak b/contrib/src/ffmpeg/rules.mak index 80fdc29..e84c39a 100644 --- a/contrib/src/ffmpeg/rules.mak +++ b/contrib/src/ffmpeg/rules.mak @@ -165,6 +165,7 @@ ffmpeg: ffmpeg-$(HASH).tar.xz .sum-ffmpeg rm -Rf $@ $@-$(HASH) mkdir -p $@-$(HASH) $(XZCAT) "$<" | (cd $@-$(HASH) && tar xv --strip-components=1) + $(APPLY) $(SRC)/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch $(MOVE) .ffmpeg: ffmpeg diff --git a/contrib/src/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch b/contrib/src/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch new file mode 100644 index 0000000..b53b1a1 --- /dev/null +++ b/contrib/src/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch @@ -0,0 +1,31 @@ +From 8431629dd112874293380a6d8a852459fc1a76b6 Mon Sep 17 00:00:00 2001 +From: Andreas Cadhalpun <[email protected]> +Date: Fri, 18 Dec 2015 19:28:51 +0100 +Subject: [PATCH 1/1] xwddec: prevent overflow of lsize * avctx->height + +This is used to check if the input buffer is larger enough, so if this +overflows it can cause a false negative leading to a segmentation fault +in bytestream2_get_bufferu. + +Signed-off-by: Andreas Cadhalpun <[email protected]> +Signed-off-by: Anton Khirnov <[email protected]> +--- + libavcodec/xwddec.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c +index f6d3d97..1c9874a 100644 +--- a/libavcodec/xwddec.c ++++ b/libavcodec/xwddec.c +@@ -141,7 +141,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data, + return AVERROR_INVALIDDATA; + } + +- if (bytestream2_get_bytes_left(&gb) < ncolors * XWD_CMAP_SIZE + avctx->height * lsize) { ++ if (bytestream2_get_bytes_left(&gb) < ncolors * XWD_CMAP_SIZE + (uint64_t)avctx->height * lsize) { + av_log(avctx, AV_LOG_ERROR, "input buffer too small\n"); + return AVERROR_INVALIDDATA; + } +-- +1.7.10.4 + _______________________________________________ vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
