r1562 - in /unstable/ffmpeg-debian/debian: changelog patches/050_CVE-2008-4866-2.patch patches/050_CVE-2008-4866.patch patches/series

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Mon Nov 10 16:14:58 UTC 2008


Author: siretart
Date: Mon Nov 10 16:14:57 2008
New Revision: 1562

URL: http://svn.debian.org/wsvn/pkg-multimedia/?sc=1&rev=1562
Log:
import upstream patches for CVE-2008-4866

Added:
    unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch
    unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch
Modified:
    unstable/ffmpeg-debian/debian/changelog
    unstable/ffmpeg-debian/debian/patches/series

Modified: unstable/ffmpeg-debian/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/changelog?rev=1562&op=diff
==============================================================================
--- unstable/ffmpeg-debian/debian/changelog (original)
+++ unstable/ffmpeg-debian/debian/changelog Mon Nov 10 16:14:57 2008
@@ -1,3 +1,10 @@
+ffmpeg-debian (0.svn20080206-15) unstable; urgency=low
+
+  * Security fix: Multiple buffer overflows in libavformat/utils.c. 
+    CVE-2008-4866, closes #504977.
+
+ -- Reinhard Tartler <siretart at tauware.de>  Mon, 10 Nov 2008 17:13:25 +0100
+
 ffmpeg-debian (0.svn20080206-14) unstable; urgency=low
 
   [ Loic Minier ]

Added: unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch?rev=1562&op=file
==============================================================================
--- unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch (added)
+++ unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch Mon Nov 10 16:14:57 2008
@@ -1,0 +1,30 @@
+From: bcoudurier <bcoudurier at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Tue, 12 Aug 2008 17:28:00 +0000 (+0000)
+Subject: increase MAX_REORDER_DELAY and pts_buffer size to 16, max for h264 atm
+X-Git-Url: http://git.mplayerhq.hu/?p=ffmpeg;a=commitdiff_plain;h=6d72f36df6550aaefa047ad466fca9979b770ab2
+
+increase MAX_REORDER_DELAY and pts_buffer size to 16, max for h264 atm
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@14715 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+
+adapted by siretart to actually apply
+---
+
+--- a/libavformat/avformat.h
++++ b/libavformat/avformat.h
+@@ -345,10 +345,13 @@ typedef struct AVStream {
+ 
+     int64_t nb_frames;                 ///< number of frames in this stream if known or 0
+ 
+-#define MAX_REORDER_DELAY 4
+-    int64_t pts_buffer[MAX_REORDER_DELAY+1];
++#if LIBAVFORMAT_VERSION_INT < (53<<16)
++    int64_t unused[4+1];
++#endif
+ 
+     char *filename; /**< source filename of the stream */
++#define MAX_REORDER_DELAY 16
++    int64_t pts_buffer[MAX_REORDER_DELAY+1];
+ } AVStream;
+ 
+ #define AV_PROGRAM_RUNNING 1
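Review bot: The `unused[4+1]` placeholder inside the new `#if LIBAVFORMAT_VERSION_INT < (53<<16)` block has no comment saying why it exists, and moving a larger `pts_buffer` to the end of `AVStream` changes the struct's size in a public header. From the hunk, the placeholder appears to keep `filename` at its old offset for already-built callers, which is worth recording, e.g. `int64_t unused[4+1]; ///< old pts_buffer slot, kept so field offsets stay stable until major 53`. Any code that sizes or embeds `AVStream` itself rather than letting the library allocate it would see the new size; that cannot be checked from here, because the struct starts outside the hunk. The header line "adapted by siretart to actually apply" should also say what differs from the upstream commit, so the security fix can be audited against it.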

Added: unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch?rev=1562&op=file
==============================================================================
--- unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch (added)
+++ unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch Mon Nov 10 16:14:57 2008
@@ -1,0 +1,34 @@
+From: bcoudurier <bcoudurier at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Tue, 12 Aug 2008 17:26:36 +0000 (+0000)
+Subject: Prevent dts generation code to be executed when delay is > MAX_REORDER_DELAY,
+X-Git-Url: http://git.mplayerhq.hu/?p=ffmpeg;a=commitdiff_plain;h=9ea55926ccc0496af15a927d15da7a579ea4c4de
+
+Prevent dts generation code to be executed when delay is > MAX_REORDER_DELAY,
+this fixes overflow in AVStream->pts_buffer.
+
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@14714 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+---
+
+diff --git a/libavformat/utils.c b/libavformat/utils.c
+index 0ed4798..723427a 100644
+--- a/libavformat/utils.c
++++ b/libavformat/utils.c
+@@ -895,7 +895,7 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st,
+         }
+     }
+ 
+-    if(pkt->pts != AV_NOPTS_VALUE){
++    if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY){
+         st->pts_buffer[0]= pkt->pts;
+         for(i=1; i<delay+1 && st->pts_buffer[i] == AV_NOPTS_VALUE; i++)
+             st->pts_buffer[i]= (i-delay-1) * pkt->duration;
+@@ -2524,7 +2524,7 @@ static int compute_pkt_fields2(AVStream *st, AVPacket *pkt){
+     }
+ 
+     //calculate dts from pts
+-    if(pkt->pts != AV_NOPTS_VALUE && pkt->dts == AV_NOPTS_VALUE){
++    if(pkt->pts != AV_NOPTS_VALUE && pkt->dts == AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY){
+         st->pts_buffer[0]= pkt->pts;
+         for(i=1; i<delay+1 && st->pts_buffer[i] == AV_NOPTS_VALUE; i++)
+             st->pts_buffer[i]= (i-delay-1) * pkt->duration;
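Review bot: The added `delay <= MAX_REORDER_DELAY` guard in `compute_pkt_fields` and `compute_pkt_fields2` skips dts generation silently, so a stream that exceeds the bound loses derived timestamps with nothing to explain why. The loop under the guard writes `st->pts_buffer[i]` for `i` up to `delay`, so this bound is what keeps the writes inside the `MAX_REORDER_DELAY+1` entries. A comment such as `// pts_buffer has MAX_REORDER_DELAY+1 entries; skip dts generation instead of writing past it` would stop a later cleanup from dropping the check. Only the upper bound is tested and the origin of `delay` is outside both hunks, so confirm it cannot be negative wherever later code indexes `pts_buffer` with it. Both function bodies continue beyond the visible lines.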

Modified: unstable/ffmpeg-debian/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/patches/series?rev=1562&op=diff
==============================================================================
--- unstable/ffmpeg-debian/debian/patches/series (original)
+++ unstable/ffmpeg-debian/debian/patches/series Mon Nov 10 16:14:57 2008
@@ -7,5 +7,7 @@
 015_reenable-img_convert.diff
 020_fix_libswscale_pic_code
 020_bug489965_bufferoverflow_str_demuxer.diff
+050_CVE-2008-4866.patch
+050_CVE-2008-4866-2.patch
 300_c++_compliant_headers.diff
 900_doxyfile



