Bug#512818: Backported patch from upstream

Thadeu Lima de Souza Cascardo cascardo at minaslivre.org
Tue Jan 27 23:54:41 UTC 2009 

tag 512818 +patch
thanks

Backported patch from upstream.

Attached is the NMU diff.
-------------- next part --------------
diff -u gst-plugins-good0.10-0.10.8/debian/changelog gst-plugins-good0.10-0.10.8/debian/changelog
--- gst-plugins-good0.10-0.10.8/debian/changelog
+++ gst-plugins-good0.10-0.10.8/debian/changelog
@@ -1,3 +1,12 @@
+gst-plugins-good0.10 (0.10.8-4.1) unstable; urgency=high
+
+  * NMU
+  * debian/patches/20_Fix_for_security_advisory_TKADV2009-0xx.patch:
+    + Fix SA33650 and TKADV2009-03 (Closes: #512818)
+  * Urgency set to high due to urgency bug
+
+ -- Thadeu Lima de Souza Cascardo <cascardo at minaslivre.org>  Tue, 27 Jan 2009 20:12:10 -0200
+
 gst-plugins-good0.10 (0.10.8-4) unstable; urgency=low
 
   * debian/patches/13_equalizer.patch:
only in patch2:
unchanged:
--- gst-plugins-good0.10-0.10.8.orig/debian/patches/20_Fix_for_security_advisory_TKADV2009-0xx.patch
+++ gst-plugins-good0.10-0.10.8/debian/patches/20_Fix_for_security_advisory_TKADV2009-0xx.patch
@@ -0,0 +1,38 @@
+diff --git a/gst/qtdemux/qtdemux.c b/gst/qtdemux/qtdemux.c
+index 33061f5..bc61e37 100644
+--- a/gst/qtdemux/qtdemux.c
++++ b/gst/qtdemux/qtdemux.c
+@@ -2842,13 +2842,13 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
+     stream->min_duration = 0;
+     time = 0;
+     index = 0;
+-    for (i = 0; i < n_sample_times; i++) {
++    for (i = 0; (i < n_sample_times) && (index < stream->n_samples); i++) {
+       guint32 n;
+       guint32 duration;
+ 
+       n = QT_UINT32 ((guint8 *) stts->data + 16 + 8 * i);
+       duration = QT_UINT32 ((guint8 *) stts->data + 16 + 8 * i + 4);
+-      for (j = 0; j < n; j++) {
++      for (j = 0; (j < n) && (index < stream->n_samples); j++) {
+         GST_DEBUG_OBJECT (qtdemux, "sample %d: timestamp %" GST_TIME_FORMAT,
+             index, GST_TIME_ARGS (timestamp));
+ 
+@@ -2876,7 +2876,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
+         for (i = 0; i < n_sample_syncs; i++) {
+           /* note that the first sample is index 1, not 0 */
+           index = QT_UINT32 ((guint8 *) stss->data + offset);
+-          if (index > 0) {
++          if (index > 0 && index <= stream->n_samples) {
+             samples[index - 1].keyframe = TRUE;
+             offset += 4;
+           }
+@@ -2975,7 +2975,7 @@ qtdemux_parse_samples (GstQTDemux * qtdemux, QtDemuxStream * stream,
+     for (i = 0, j = 0; (j < stream->n_samples) && (i < n_entries); i++) {
+       count = QT_UINT32 (ctts_data + 16 + i * 8);
+       soffset = QT_UINT32 (ctts_data + 20 + i * 8);
+-      for (k = 0; k < count; k++, j++) {
++      for (k = 0; (k < count) && (j < stream->n_samples); k++, j++) {
+         /* we operate with very small soffset values here, it shouldn't overflow */
+         samples[j].pts_offset = soffset * GST_SECOND / stream->timescale;
+       }
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-gstreamer-maintainers/attachments/20090127/310fc51d/attachment-0001.pgp

More information about the Pkg-gstreamer-maintainers mailing list