r1562 - in /unstable/ffmpeg-debian/debian: changelog patches/050_CVE-2008-4866-2.patch patches/050_CVE-2008-4866.patch patches/series
siretart at users.alioth.debian.org
siretart at users.alioth.debian.org
Mon Nov 10 16:14:58 UTC 2008
Author: siretart
Date: Mon Nov 10 16:14:57 2008
New Revision: 1562
URL: http://svn.debian.org/wsvn/pkg-multimedia/?sc=1&rev=1562
Log:
import upstream patches for CVE-2008-4866
Added:
unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch
unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch
Modified:
unstable/ffmpeg-debian/debian/changelog
unstable/ffmpeg-debian/debian/patches/series
Modified: unstable/ffmpeg-debian/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/changelog?rev=1562&op=diff
==============================================================================
--- unstable/ffmpeg-debian/debian/changelog (original)
+++ unstable/ffmpeg-debian/debian/changelog Mon Nov 10 16:14:57 2008
@@ -1,3 +1,10 @@
+ffmpeg-debian (0.svn20080206-15) unstable; urgency=low
+
+ * Security fix: Multiple buffer overflows in libavformat/utils.c.
+ CVE-2008-4866, closes #504977.
+
+ -- Reinhard Tartler <siretart at tauware.de> Mon, 10 Nov 2008 17:13:25 +0100
+
ffmpeg-debian (0.svn20080206-14) unstable; urgency=low
[ Loic Minier ]
Added: unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch?rev=1562&op=file
==============================================================================
--- unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch (added)
+++ unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866-2.patch Mon Nov 10 16:14:57 2008
@@ -1,0 +1,30 @@
+From: bcoudurier <bcoudurier at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Tue, 12 Aug 2008 17:28:00 +0000 (+0000)
+Subject: increase MAX_REORDER_DELAY and pts_buffer size to 16, max for h264 atm
+X-Git-Url: http://git.mplayerhq.hu/?p=ffmpeg;a=commitdiff_plain;h=6d72f36df6550aaefa047ad466fca9979b770ab2
+
+increase MAX_REORDER_DELAY and pts_buffer size to 16, max for h264 atm
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@14715 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+
+adapted by siretart to actually apply
+---
+
+--- a/libavformat/avformat.h
++++ b/libavformat/avformat.h
+@@ -345,10 +345,13 @@ typedef struct AVStream {
+
+ int64_t nb_frames; ///< number of frames in this stream if known or 0
+
+-#define MAX_REORDER_DELAY 4
+- int64_t pts_buffer[MAX_REORDER_DELAY+1];
++#if LIBAVFORMAT_VERSION_INT < (53<<16)
++ int64_t unused[4+1];
++#endif
+
+ char *filename; /**< source filename of the stream */
++#define MAX_REORDER_DELAY 16
++ int64_t pts_buffer[MAX_REORDER_DELAY+1];
+ } AVStream;
+
+ #define AV_PROGRAM_RUNNING 1
Added: unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch?rev=1562&op=file
==============================================================================
--- unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch (added)
+++ unstable/ffmpeg-debian/debian/patches/050_CVE-2008-4866.patch Mon Nov 10 16:14:57 2008
@@ -1,0 +1,34 @@
+From: bcoudurier <bcoudurier at 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>
+Date: Tue, 12 Aug 2008 17:26:36 +0000 (+0000)
+Subject: Prevent dts generation code to be executed when delay is > MAX_REORDER_DELAY,
+X-Git-Url: http://git.mplayerhq.hu/?p=ffmpeg;a=commitdiff_plain;h=9ea55926ccc0496af15a927d15da7a579ea4c4de
+
+Prevent dts generation code to be executed when delay is > MAX_REORDER_DELAY,
+this fixes overflow in AVStream->pts_buffer.
+
+
+git-svn-id: file:///var/local/repositories/ffmpeg/trunk@14714 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
+---
+
+diff --git a/libavformat/utils.c b/libavformat/utils.c
+index 0ed4798..723427a 100644
+--- a/libavformat/utils.c
++++ b/libavformat/utils.c
+@@ -895,7 +895,7 @@ static void compute_pkt_fields(AVFormatContext *s, AVStream *st,
+ }
+ }
+
+- if(pkt->pts != AV_NOPTS_VALUE){
++ if(pkt->pts != AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY){
+ st->pts_buffer[0]= pkt->pts;
+ for(i=1; i<delay+1 && st->pts_buffer[i] == AV_NOPTS_VALUE; i++)
+ st->pts_buffer[i]= (i-delay-1) * pkt->duration;
+@@ -2524,7 +2524,7 @@ static int compute_pkt_fields2(AVStream *st, AVPacket *pkt){
+ }
+
+ //calculate dts from pts
+- if(pkt->pts != AV_NOPTS_VALUE && pkt->dts == AV_NOPTS_VALUE){
++ if(pkt->pts != AV_NOPTS_VALUE && pkt->dts == AV_NOPTS_VALUE && delay <= MAX_REORDER_DELAY){
+ st->pts_buffer[0]= pkt->pts;
+ for(i=1; i<delay+1 && st->pts_buffer[i] == AV_NOPTS_VALUE; i++)
+ st->pts_buffer[i]= (i-delay-1) * pkt->duration;
Modified: unstable/ffmpeg-debian/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-multimedia/unstable/ffmpeg-debian/debian/patches/series?rev=1562&op=diff
==============================================================================
--- unstable/ffmpeg-debian/debian/patches/series (original)
+++ unstable/ffmpeg-debian/debian/patches/series Mon Nov 10 16:14:57 2008
@@ -7,5 +7,7 @@
015_reenable-img_convert.diff
020_fix_libswscale_pic_code
020_bug489965_bufferoverflow_str_demuxer.diff
+050_CVE-2008-4866.patch
+050_CVE-2008-4866-2.patch
300_c++_compliant_headers.diff
900_doxyfile
More information about the pkg-multimedia-commits
mailing list