diff options
Diffstat (limited to 'meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch')
| -rw-r--r-- | meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch new file mode 100644 index 0000000000..5dda4cca28 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-9603.patch @@ -0,0 +1,41 @@ +From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001 +From: Kai Kang <kai.kang@windriver.com> +Date: Wed, 13 May 2015 16:30:53 +0800 +Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603 + +Upstream-Status: Backport + +Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c +and vmdvideo.c. Becuase source code changes, just partly backport commit which +is applicable to version 0.10.13 to fix CVE-2014-9603. + +http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd + +Signed-off-by: Kai Kang <kai.kang@windriver.com> +--- + gst-libs/ext/libav/libavcodec/vmdav.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/gst-libs/ext/libav/libavcodec/vmdav.c b/gst-libs/ext/libav/libavcodec/vmdav.c +index d258252..ba88ad8 100644 +--- a/gst-libs/ext/libav/libavcodec/vmdav.c ++++ b/gst-libs/ext/libav/libavcodec/vmdav.c +@@ -294,10 +294,13 @@ static void vmd_decode(VmdVideoContext *s) + len = *pb++; + if (len & 0x80) { + len = (len & 0x7F) + 1; +- if (*pb++ == 0xFF) ++ if (*pb++ == 0xFF) { + len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); +- else ++ } else { ++ if (ofs + len > frame_width) ++ return; + memcpy(&dp[ofs], pb, len); ++ } + pb += len; + ofs += len; + } else { +-- +1.9.1 + |