summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--graphics/gst-plugins0.10-png/Makefile4
-rw-r--r--multimedia/gst-plugins0.10-good/distinfo3
-rw-r--r--multimedia/gst-plugins0.10-good/patches/patch-ad52
3 files changed, 57 insertions, 2 deletions
diff --git a/graphics/gst-plugins0.10-png/Makefile b/graphics/gst-plugins0.10-png/Makefile
index c05ba0b580a..18e15ee6db6 100644
--- a/graphics/gst-plugins0.10-png/Makefile
+++ b/graphics/gst-plugins0.10-png/Makefile
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.2 2008/06/20 01:09:22 joerg Exp $
+# $NetBSD: Makefile,v 1.3 2009/06/05 10:48:38 drochner Exp $
#
GST_PLUGINS0.10_NAME= png
@@ -9,5 +9,7 @@ PKG_DESTDIR_SUPPORT= user-destdir
.include "../../multimedia/gst-plugins0.10-good/Makefile.common"
+PKGREVISION= 1
+
.include "../../graphics/png/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/multimedia/gst-plugins0.10-good/distinfo b/multimedia/gst-plugins0.10-good/distinfo
index 595b583de43..664fa546ed5 100644
--- a/multimedia/gst-plugins0.10-good/distinfo
+++ b/multimedia/gst-plugins0.10-good/distinfo
@@ -1,8 +1,9 @@
-$NetBSD: distinfo,v 1.20 2009/05/25 15:50:12 drochner Exp $
+$NetBSD: distinfo,v 1.21 2009/06/05 10:48:37 drochner Exp $
SHA1 (gst-plugins-good-0.10.15.tar.bz2) = b37611f5b4e28c19159ed3f71aeaf7dfff513174
RMD160 (gst-plugins-good-0.10.15.tar.bz2) = 6caa4c4f93285f03c15c23ac0ae5d390c20bfd07
Size (gst-plugins-good-0.10.15.tar.bz2) = 2354906 bytes
SHA1 (patch-ab) = ab70993a71c4b288c21e72847186011c33bd0fb1
SHA1 (patch-ac) = 8867119011dc8cca89cc3a35fb3f095212887bf7
+SHA1 (patch-ad) = af76828f5ee9ae7b41fd66da8703fbede3d464c1
SHA1 (patch-ba) = e296bbcfc606967b71765988ae1c3ffe96b9359a
diff --git a/multimedia/gst-plugins0.10-good/patches/patch-ad b/multimedia/gst-plugins0.10-good/patches/patch-ad
new file mode 100644
index 00000000000..461d933fc9b
--- /dev/null
+++ b/multimedia/gst-plugins0.10-good/patches/patch-ad
@@ -0,0 +1,52 @@
+$NetBSD: patch-ad,v 1.5 2009/06/05 10:48:38 drochner Exp $
+
+--- ext/libpng/gstpngdec.c.orig 2009-05-12 02:00:06.000000000 +0200
++++ ext/libpng/gstpngdec.c
+@@ -201,7 +201,14 @@ user_info_callback (png_structp png_ptr,
+
+ /* Allocate output buffer */
+ pngdec->rowbytes = png_get_rowbytes (pngdec->png, pngdec->info);
+- buffer_size = pngdec->height * GST_ROUND_UP_4 (pngdec->rowbytes);
++ if (pngdec->rowbytes > (G_MAXUINT32 - 3)
++ || pngdec->height > G_MAXUINT32 / pngdec->rowbytes) {
++ ret = GST_FLOW_ERROR;
++ goto beach;
++ }
++ pngdec->rowbytes = GST_ROUND_UP_4 (pngdec->rowbytes);
++ buffer_size = pngdec->height * pngdec->rowbytes;
++
+ ret =
+ gst_pad_alloc_buffer_and_set_caps (pngdec->srcpad, GST_BUFFER_OFFSET_NONE,
+ buffer_size, GST_PAD_CAPS (pngdec->srcpad), &buffer);
+@@ -228,7 +235,7 @@ user_endrow_callback (png_structp png_pt
+ /* If buffer_out doesn't exist, it means buffer_alloc failed, which
+ * will already have set the return code */
+ if (GST_IS_BUFFER (pngdec->buffer_out)) {
+- size_t offset = row_num * GST_ROUND_UP_4 (pngdec->rowbytes);
++ size_t offset = row_num * pngdec->rowbytes;
+
+ GST_LOG ("got row %u, copying in buffer %p at offset %" G_GSIZE_FORMAT,
+ (guint) row_num, pngdec->buffer_out, offset);
+@@ -496,7 +503,12 @@ gst_pngdec_task (GstPad * pad)
+
+ /* Allocate output buffer */
+ rowbytes = png_get_rowbytes (pngdec->png, pngdec->info);
+- buffer_size = pngdec->height * GST_ROUND_UP_4 (rowbytes);
++ if (rowbytes > (G_MAXUINT32 - 3) || pngdec->height > G_MAXUINT32 / rowbytes) {
++ ret = GST_FLOW_ERROR;
++ goto pause;
++ }
++ rowbytes = GST_ROUND_UP_4 (rowbytes);
++ buffer_size = pngdec->height * rowbytes;
+ ret =
+ gst_pad_alloc_buffer_and_set_caps (pngdec->srcpad, GST_BUFFER_OFFSET_NONE,
+ buffer_size, GST_PAD_CAPS (pngdec->srcpad), &buffer);
+@@ -509,7 +521,7 @@ gst_pngdec_task (GstPad * pad)
+
+ for (i = 0; i < pngdec->height; i++) {
+ rows[i] = inp;
+- inp += GST_ROUND_UP_4 (rowbytes);
++ inp += rowbytes;
+ }
+
+ /* Read the actual picture */
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-29 02:22:37 +0000