summaryrefslogtreecommitdiff
path: root/multimedia/mplayer-share
diff options
context:
space:
mode:
authordrochner <drochner>2007-09-13 19:16:01 +0000
committerdrochner <drochner>2007-09-13 19:16:01 +0000
commitf2c119a310cf83da5afd898e3e9be1f5860fd3ba (patch)
tree8cee033d941914021ef4a28fb02e2c9c627632ff /multimedia/mplayer-share
parent852445265eb1afe752c4a260972e9e7f75f00787 (diff)
downloadpkgsrc-f2c119a310cf83da5afd898e3e9be1f5860fd3ba.tar.gz
apply a security fix from upstream CVS:
Check wLongsPerEntry before using it. This fixes a potential crash for some values of it. As a side effect it works around broken callocs with an integer overflow vulnerability, but using MPlayer on such systems should never be assumed to be safe! This should fix SA26806 (http://secunia.com/advisories/26806/). bump PKGREVISIONs
Diffstat (limited to 'multimedia/mplayer-share')
-rw-r--r--multimedia/mplayer-share/distinfo3
-rw-r--r--multimedia/mplayer-share/patches/patch-al26
2 files changed, 28 insertions, 1 deletions
diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo
index 201e5c031b5..9680bc4fdd9 100644
--- a/multimedia/mplayer-share/distinfo
+++ b/multimedia/mplayer-share/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.41 2007/07/05 05:18:50 wiz Exp $
+$NetBSD: distinfo,v 1.42 2007/09/13 19:16:01 drochner Exp $
SHA1 (mplayer-1.0rc9/MPlayer-1.0rc1.tar.bz2) = a450c0b0749c343a8496ba7810363c9d46dfa73c
RMD160 (mplayer-1.0rc9/MPlayer-1.0rc1.tar.bz2) = 8cea02e832aec5d9e090829d61d0f131dcc177a2
@@ -13,6 +13,7 @@ SHA1 (patch-ah) = 7aeb9f04d622fcad8c40dc9edbb0a58277fc622b
SHA1 (patch-ai) = bcf45db81587d99fc69ae5fcf89ff4a4b8f6f53c
SHA1 (patch-aj) = 40ba1625f85f0264628013ad0209aa095e8e5d3f
SHA1 (patch-ak) = f095e2824fd54ec7a8ea7a8a59641743c1b65191
+SHA1 (patch-al) = cd378430de97b2492d524764e2f4f010bab4474c
SHA1 (patch-ba) = bdb20f4ead6f55c0847534b5b1f06ea865e438e6
SHA1 (patch-bb) = 554ca2074716ada4f817f55be61e808e1dc5c93e
SHA1 (patch-bc) = c073f6e5d2d71030346fda82ff3a1f474ad49c0f
diff --git a/multimedia/mplayer-share/patches/patch-al b/multimedia/mplayer-share/patches/patch-al
new file mode 100644
index 00000000000..eaf84a00084
--- /dev/null
+++ b/multimedia/mplayer-share/patches/patch-al
@@ -0,0 +1,26 @@
+$NetBSD: patch-al,v 1.1 2007/09/13 19:16:01 drochner Exp $
+
+--- libmpdemux/aviheader.c.orig 2007-09-13 20:25:34.000000000 +0200
++++ libmpdemux/aviheader.c
+@@ -227,16 +227,16 @@ while(1){
+
+ print_avisuperindex_chunk(s,MSGL_V);
+
+- if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
+- mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
+- s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
+- }
+-
+ // Check and fix this useless crap
+ if(s->wLongsPerEntry != sizeof (avisuperindex_entry)/4) {
+ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk size: %u\n",s->wLongsPerEntry);
+ s->wLongsPerEntry = sizeof(avisuperindex_entry)/4;
+ }
++ if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
++ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
++ s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
++ }
++
+ s->aIndex = calloc(s->nEntriesInUse, sizeof (avisuperindex_entry));
+ s->stdidx = calloc(s->nEntriesInUse, sizeof (avistdindex_chunk));
+