summaryrefslogtreecommitdiff
path: root/multimedia/mplayer-share/patches/patch-ca
diff options
context:
space:
mode:
Diffstat (limited to 'multimedia/mplayer-share/patches/patch-ca')
-rw-r--r--multimedia/mplayer-share/patches/patch-ca61
1 files changed, 0 insertions, 61 deletions
diff --git a/multimedia/mplayer-share/patches/patch-ca b/multimedia/mplayer-share/patches/patch-ca
deleted file mode 100644
index 9822526a14d..00000000000
--- a/multimedia/mplayer-share/patches/patch-ca
+++ /dev/null
@@ -1,61 +0,0 @@
-$NetBSD: patch-ca,v 1.1 2008/12/15 15:37:58 tron Exp $
-
-Security fix for vulnerability reported in TKADV2008-014 taken from:
-
-http://svn.mplayerhq.hu/mplayer/branches/1.0rc2/libmpdemux/demux_vqf.c?view=patch&r1=24723&r2=28150&pathrev=28150
-
---- libmpdemux/demux_vqf.c.orig 2007-10-07 20:49:33.000000000 +0100
-+++ libmpdemux/demux_vqf.c 2008-12-15 14:29:58.000000000 +0000
-@@ -50,11 +50,14 @@
- unsigned chunk_size;
- hi->size=chunk_size=stream_read_dword(s); /* include itself */
- stream_read(s,chunk_id,4);
-+ if (chunk_size < 8) return NULL;
-+ chunk_size -= 8;
- if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('C','O','M','M'))
- {
-- char buf[chunk_size-8];
-+ char buf[BUFSIZ];
- unsigned i,subchunk_size;
-- if(stream_read(s,buf,chunk_size-8)!=chunk_size-8) return NULL;
-+ if (chunk_size > sizeof(buf) || chunk_size < 20) return NULL;
-+ if(stream_read(s,buf,chunk_size)!=chunk_size) return NULL;
- i=0;
- subchunk_size=be2me_32(*((uint32_t *)&buf[0]));
- hi->channelMode=be2me_32(*((uint32_t *)&buf[4]));
-@@ -83,13 +86,15 @@
- sh_audio->samplesize = 4;
- w->wBitsPerSample = 8*sh_audio->samplesize;
- w->cbSize = 0;
-+ if (subchunk_size > chunk_size - 4) continue;
- i+=subchunk_size+4;
-- while(i<chunk_size-8)
-+ while(i + 8 < chunk_size)
- {
- unsigned slen,sid;
-- char sdata[chunk_size];
-+ char sdata[BUFSIZ];
- sid=*((uint32_t *)&buf[i]); i+=4;
- slen=be2me_32(*((uint32_t *)&buf[i])); i+=4;
-+ if (slen > sizeof(sdata) - 1 || slen > chunk_size - i) break;
- if(sid==mmioFOURCC('D','S','I','Z'))
- {
- hi->Dsiz=be2me_32(*((uint32_t *)&buf[i]));
-@@ -141,7 +146,7 @@
- if(*((uint32_t *)&chunk_id[0])==mmioFOURCC('D','A','T','A'))
- {
- demuxer->movi_start=stream_tell(s);
-- demuxer->movi_end=demuxer->movi_start+chunk_size-8;
-+ demuxer->movi_end=demuxer->movi_start+chunk_size;
- mp_msg(MSGT_DEMUX, MSGL_V, "Found data at %"PRIX64" size %"PRIu64"\n",demuxer->movi_start,demuxer->movi_end);
- /* Done! play it */
- break;
-@@ -149,7 +154,7 @@
- else
- {
- mp_msg(MSGT_DEMUX, MSGL_V, "Unhandled chunk '%c%c%c%c' %u bytes\n",((char *)&chunk_id)[0],((char *)&chunk_id)[1],((char *)&chunk_id)[2],((char *)&chunk_id)[3],chunk_size);
-- stream_skip(s,chunk_size-8); /*unknown chunk type */
-+ stream_skip(s,chunk_size); /*unknown chunk type */
- }
- }
-
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-06 22:43:54 +0000