[SCM] vlc/squeeze: Fix MKV improper input validation
xtophe-guest at users.alioth.debian.org
xtophe-guest at users.alioth.debian.org
Thu Feb 3 00:27:19 UTC 2011
The following commit has been merged in the squeeze branch:
commit 5430e22204b2f4cede874dcad037587954a7b0b0
Author: Christophe Mutricy <xtophe at chewa.net>
Date: Wed Feb 2 22:35:20 2011 +0000
Fix MKV improper input validation
VideoLAN-SA-1102
Patch taken from upstream
Thanks: Steve Lhomme
diff --git a/debian/patches/mkv-input-validation.diff b/debian/patches/mkv-input-validation.diff
new file mode 100644
index 0000000..019dba3
--- /dev/null
+++ b/debian/patches/mkv-input-validation.diff
@@ -0,0 +1,17 @@
+Subject: the ID could be OK but the class mismatching
+Author: Steve Lhomme <slhomme at matroska.org>
+Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=3101bb7ac8abf56080d943806d666a385c3e9e33
+
+diff --git a/modules/demux/mkv/mkv.hpp b/modules/demux/mkv/mkv.hpp
+index 1461d4a..8e3ec9b 100644
+--- a/modules/demux/mkv/mkv.hpp
++++ b/modules/demux/mkv/mkv.hpp
+@@ -119,7 +119,7 @@ extern "C" {
+
+ #define MKVD_TIMECODESCALE 1000000
+
+-#define MKV_IS_ID( el, C ) ( EbmlId( (*el) ) == C::ClassInfos.GlobalId )
++#define MKV_IS_ID( el, C ) ( el != NULL && typeid( *el ) == typeid( C ) )
+
+
+ using namespace LIBMATROSKA_NAMESPACE;
diff --git a/debian/patches/series b/debian/patches/series
index 5213288..8b791ca 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
CVE-2010-3907.diff
cdg-heap-overflow.diff
xml-heap-corruption.diff
+mkv-input-validation.diff
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list