diff options
author | tonnerre <tonnerre@pkgsrc.org> | 2008-07-03 21:50:02 +0000 |
---|---|---|
committer | tonnerre <tonnerre@pkgsrc.org> | 2008-07-03 21:50:02 +0000 |
commit | 2ffe894336c19ab0456942afe7ca783254ff70e9 (patch) | |
tree | 5892b45fe7860b2d11533d7b1e1b8fa25b10b5ab /multimedia/vlc | |
parent | e2494a0a750bf28f3f568dd2f38d313bdb1b45e7 (diff) | |
download | pkgsrc-2ffe894336c19ab0456942afe7ca783254ff70e9.tar.gz |
Fix vlc wav handling heap overflow. A specially crafted .WAV file could
be used to achieve that with an overly large fmt chunk. (CVE-2008-2430)
Diffstat (limited to 'multimedia/vlc')
-rw-r--r-- | multimedia/vlc/Makefile | 4 | ||||
-rw-r--r-- | multimedia/vlc/distinfo | 3 | ||||
-rw-r--r-- | multimedia/vlc/patches/patch-ae | 43 |
3 files changed, 47 insertions, 3 deletions
diff --git a/multimedia/vlc/Makefile b/multimedia/vlc/Makefile index 5c3e1295fbe..02658a6358f 100644 --- a/multimedia/vlc/Makefile +++ b/multimedia/vlc/Makefile @@ -1,9 +1,9 @@ -# $NetBSD: Makefile,v 1.56 2008/06/20 01:09:29 joerg Exp $ +# $NetBSD: Makefile,v 1.57 2008/07/03 21:50:02 tonnerre Exp $ # DISTNAME= vlc-${VLC_VER} VLC_VER= 0.8.6f -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= multimedia MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/ EXTRACT_SUFX= .tar.bz2 diff --git a/multimedia/vlc/distinfo b/multimedia/vlc/distinfo index 6e3332e5204..11d25665d65 100644 --- a/multimedia/vlc/distinfo +++ b/multimedia/vlc/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.16 2008/04/20 15:31:02 tonnerre Exp $ +$NetBSD: distinfo,v 1.17 2008/07/03 21:50:02 tonnerre Exp $ SHA1 (vlc-0.8.6f.tar.bz2) = 9684bb7504636d3e3143734698c2bbac250f4a03 RMD160 (vlc-0.8.6f.tar.bz2) = c52d0cb7e8ba36f9d0959b9d6e1e8b1b36b71b04 @@ -7,3 +7,4 @@ SHA1 (patch-aa) = 497a83bb0f1e2c095a81aa84115e66b56dd47e2c SHA1 (patch-ab) = c311b82c00f1eea164189a9759c9ca576faec671 SHA1 (patch-ac) = 69f90b13aa4c398a00c12279c8bd8af922e9e8aa SHA1 (patch-ad) = 29660533b468e6871fa8104e081f9321cfb30aa5 +SHA1 (patch-ae) = 21b6292e77469375edbfb7b828e298427e1ed118 diff --git a/multimedia/vlc/patches/patch-ae b/multimedia/vlc/patches/patch-ae new file mode 100644 index 00000000000..51701369f3e --- /dev/null +++ b/multimedia/vlc/patches/patch-ae @@ -0,0 +1,43 @@ +$NetBSD: patch-ae,v 1.5 2008/07/03 21:50:02 tonnerre Exp $ + +--- modules/demux/wav.c.orig 2008-03-23 23:41:49.000000000 +0100 ++++ modules/demux/wav.c +@@ -103,7 +103,8 @@ static int Open( vlc_object_t * p_this ) + demux_sys_t *p_sys; + + uint8_t *p_peek; +- unsigned int i_size, i_extended; ++ uint32_t i_size; ++ unsigned int i_extended; + char *psz_name; + + WAVEFORMATEXTENSIBLE *p_wf_ext = NULL; +@@ -136,7 +137,8 @@ static int Open( vlc_object_t * p_this ) + msg_Err( p_demux, "cannot find 'fmt ' chunk" ); + goto error; + } +- if( i_size < sizeof( WAVEFORMATEX ) - 2 ) /* XXX -2 isn't a typo */ ++ i_size += 2; ++ if( i_size < sizeof( WAVEFORMATEX ) ) + { + msg_Err( p_demux, "invalid 'fmt ' chunk" ); + goto error; +@@ -144,14 +146,15 @@ static int Open( vlc_object_t * p_this ) + stream_Read( p_demux->s, NULL, 8 ); /* Cannot fail */ + + /* load waveformatex */ +- p_wf_ext = malloc( __EVEN( i_size ) + 2 ); ++ p_wf_ext = malloc( i_size ); + if( p_wf_ext == NULL ) + goto error; + + p_wf = (WAVEFORMATEX *)p_wf_ext; + p_wf->cbSize = 0; +- if( stream_Read( p_demux->s, +- p_wf, __EVEN( i_size ) ) < (int)__EVEN( i_size ) ) ++ i_size -= 2; ++ if( stream_Read( p_demux->s, p_wf, i_size ) != (int)i_size ++ || ( ( i_size & 1 ) && stream_Read( p_demux->s, NULL, 1 ) != 1 ) ) + { + msg_Err( p_demux, "cannot load 'fmt ' chunk" ); + goto error; |