authordrochner <drochner>2009-02-02 19:20:48 +0000
committerdrochner <drochner>2009-02-02 19:20:48 +0000
commitc1210f86456bbb9754b5eeb0c259201743e51125 (patch)
tree63db29cf14ede2c0ac2f7ef3d8ceffb50b7a9e8b /multimedia
parent2c8d995b2d628770385967b71df71bb4db8fe0b1 (diff)
downloadpkgsrc-c1210f86456bbb9754b5eeb0c259201743e51125.tar.gz
- add a patch from upstream to fix CVE-2008-3162
  (stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c)
- add (a modified version of) the ffmpeg 4xm patch which fixes possible memory corruption
- bump PKGREVISION
Diffstat (limited to 'multimedia')
-rw-r--r--multimedia/mplayer-share/distinfo4
-rw-r--r--multimedia/mplayer-share/patches/patch-ap54
-rw-r--r--multimedia/mplayer-share/patches/patch-aq20
-rw-r--r--multimedia/mplayer/Makefile4
4 files changed, 79 insertions, 3 deletions
diff --git a/multimedia/mplayer-share/distinfo b/multimedia/mplayer-share/distinfo
index 67647e0ceb7..fd3685277c7 100644
--- a/multimedia/mplayer-share/distinfo
+++ b/multimedia/mplayer-share/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.58 2008/12/20 00:43:47 jmcneill Exp $
+$NetBSD: distinfo,v 1.59 2009/02/02 19:20:48 drochner Exp $
SHA1 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = e9b496f3527c552004ec6d01d6b43f196b43ce2d
RMD160 (mplayer-1.0rc10/MPlayer-1.0rc2.tar.bz2) = 3b5cba1529856a177a5191e22f8dcc00b5a83c52
@@ -18,6 +18,8 @@ SHA1 (patch-al) = 9538b10cf5b3802381d7aabc798676b3cb9ef00d
SHA1 (patch-am) = bae1e03f7265cb6b07947f052f0774d1c17da88e
SHA1 (patch-an) = a967a47b0d0846fe89f91f9d3faa6055975a5a73
SHA1 (patch-ao) = ddd85a9bfda237ea923faf0c3677b5e14cff4e0d
+SHA1 (patch-ap) = 83777bac06190f71078435721ad2f7055689f64f
+SHA1 (patch-aq) = 8d77f3fbe5796707f591e0890b54b9f34f649709
SHA1 (patch-ba) = 2683c414fed3a4a6d3b4d47287f43d822339bd4e
SHA1 (patch-bb) = 26d000bcbc94b9139e6dbc79237fdb3a109c6057
SHA1 (patch-bc) = fd46ce3cd6d5f7525e210cf6d475b89573ca988d
diff --git a/multimedia/mplayer-share/patches/patch-ap b/multimedia/mplayer-share/patches/patch-ap
new file mode 100644
index 00000000000..ba49c896e34
--- /dev/null
+++ b/multimedia/mplayer-share/patches/patch-ap
@@ -0,0 +1,54 @@
+$NetBSD: patch-ap,v 1.1 2009/02/02 19:20:49 drochner Exp $
+
+--- libavformat/psxstr.c.orig 2007-10-07 21:49:38.000000000 +0200
++++ libavformat/psxstr.c
+@@ -276,12 +276,23 @@ static int str_read_packet(AVFormatConte
+ int current_sector = AV_RL16(&sector[0x1C]);
+ int sector_count = AV_RL16(&sector[0x1E]);
+ int frame_size = AV_RL32(&sector[0x24]);
+- int bytes_to_copy;
++
++ if(!( frame_size>=0
++ && current_sector < sector_count
++ && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){
++ av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size);
++ return AVERROR_INVALIDDATA;
++ }
++
+ // printf("%d %d %d\n",current_sector,sector_count,frame_size);
+ /* if this is the first sector of the frame, allocate a pkt */
+ pkt = &str->tmp_pkt;
+- if (current_sector == 0) {
+- if (av_new_packet(pkt, frame_size))
++
++ if(pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){
++ if(pkt->data)
++ av_log(s, AV_LOG_ERROR, "missmatching sector_count\n");
++ av_free_packet(pkt);
++ if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE))
+ return AVERROR(EIO);
+
+ pkt->pos= url_ftell(pb) - RAW_CD_SECTOR_SIZE;
+@@ -295,15 +306,15 @@ static int str_read_packet(AVFormatConte
+ str->pts += (90000 / 15);
+ }
+
+- /* load all the constituent chunks in the video packet */
+- bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE;
+- if (bytes_to_copy>0) {
+- if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE;
+- memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
+- sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy);
+- }
++ memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE,
++ sector + VIDEO_DATA_HEADER_SIZE,
++ VIDEO_DATA_CHUNK_SIZE);
++
+ if (current_sector == sector_count-1) {
++ pkt->size= frame_size;
+ *ret_pkt = *pkt;
++ pkt->data= NULL;
++ pkt->size= -1;
+ return 0;
+ }
+
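Review bot: The packet allocated by `av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE)` in the first psxstr.c hunk is never cleared, and the now unconditional `memcpy` in the second hunk fills only the chunk that belongs to `current_sector`. If a stream skips sectors, or the first sector seen for a frame is not sector 0, the frame is still emitted once `current_sector == sector_count-1` arrives, and the chunks that were never written would carry stale heap bytes to the decoder; as far as I know av_new_packet() does not zero the payload. Adding `memset(pkt->data, 0, sector_count*VIDEO_DATA_CHUNK_SIZE);` right after the successful allocation would close that. The `pkt->size != ...` test also depends on how `str->tmp_pkt` is initialised, which happens outside these hunks, as does the rest of str_read_packet.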
diff --git a/multimedia/mplayer-share/patches/patch-aq b/multimedia/mplayer-share/patches/patch-aq
new file mode 100644
index 00000000000..bd6c6e720fe
--- /dev/null
+++ b/multimedia/mplayer-share/patches/patch-aq
@@ -0,0 +1,20 @@
+$NetBSD: patch-aq,v 1.1 2009/02/02 19:20:49 drochner Exp $
+
+--- libavformat/4xm.c.orig 2009-01-29 13:36:59.000000000 +0100
++++ libavformat/4xm.c
+@@ -163,10 +163,13 @@ static int fourxm_read_header(AVFormatCo
+ return AVERROR_INVALIDDATA;
+ }
+ current_track = AV_RL32(&header[i + 8]);
++ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
++ av_log(s, AV_LOG_ERROR, "current_track too large\n");
++ av_free(header);
++ return AVERROR_INVALIDDATA;
++ }
+ if (current_track + 1 > fourxm->track_count) {
+ fourxm->track_count = current_track + 1;
+- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
+- return -1;
+ fourxm->tracks = av_realloc(fourxm->tracks,
+ fourxm->track_count * sizeof(AudioTrack));
+ if (!fourxm->tracks) {
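Review bot: Growing `fourxm->tracks` to `current_track + 1` entries leaves every newly added slot other than the one being parsed uninitialised, so a file that declares only a high track index would create AudioTrack entries with arbitrary contents. Code later in fourxm_read_header (outside this hunk) presumably walks all `track_count` entries, so I would record the old count before the assignment and, after the NULL check, clear the new tail: `memset(&fourxm->tracks[old_count], 0, (fourxm->track_count - old_count) * sizeof(AudioTrack));`. Separately, the added early return frees only `header`; if an earlier chunk already allocated `fourxm->tracks`, that array looks leaked on this path unless the caller releases it. The bound also still admits an allocation close to UINT_MAX bytes driven by a single file field, so a much smaller cap on the track index may be worth considering.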
diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile
index 2ae94d3e4db..c427328a978 100644
--- a/multimedia/mplayer/Makefile
+++ b/multimedia/mplayer/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.65 2008/12/20 00:44:46 jmcneill Exp $
+# $NetBSD: Makefile,v 1.66 2009/02/02 19:20:48 drochner Exp $
PKGNAME= mplayer-${MPLAYER_PKG_VERSION}
-PKGREVISION= 12
+PKGREVISION= 13
COMMENT= Software-only MPEG-1/2/4 video decoder