[SCM] vlc/lucid: Fix MKV improper input validation
bdrung at users.alioth.debian.org
bdrung at users.alioth.debian.org
Wed Feb 9 23:11:06 UTC 2011
The following commit has been merged in the lucid branch:
commit 9ca4045f13ce2600e723ec18a5d71f6187dc688c
Author: Christophe Mutricy <xtophe at chewa.net>
Date: Wed Feb 2 22:35:20 2011 +0000
Fix MKV improper input validation
VideoLAN-SA-1102
Patch taken from upstream
Thanks: Steve Lhomme
diff --git a/debian/patches/mkv-input-validation.diff b/debian/patches/mkv-input-validation.diff
new file mode 100644
index 0000000..019dba3
--- /dev/null
+++ b/debian/patches/mkv-input-validation.diff
@@ -0,0 +1,17 @@
+Subject: the ID could be OK but the class mismatching
+Author: Steve Lhomme <slhomme at matroska.org>
+Origin: upstream, http://git.videolan.org/gitweb.cgi?p=vlc/vlc-1.1.git;a=commit;h=3101bb7ac8abf56080d943806d666a385c3e9e33
+
+diff --git a/modules/demux/mkv/mkv.hpp b/modules/demux/mkv/mkv.hpp
+index 1461d4a..8e3ec9b 100644
+--- a/modules/demux/mkv/mkv.hpp
++++ b/modules/demux/mkv/mkv.hpp
+@@ -119,7 +119,7 @@ extern "C" {
+
+ #define MKVD_TIMECODESCALE 1000000
+
+-#define MKV_IS_ID( el, C ) ( EbmlId( (*el) ) == C::ClassInfos.GlobalId )
++#define MKV_IS_ID( el, C ) ( el != NULL && typeid( *el ) == typeid( C ) )
+
+
+ using namespace LIBMATROSKA_NAMESPACE;
diff --git a/debian/patches/series b/debian/patches/series
index 09d44c1..3b7437f 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -19,3 +19,4 @@ CVE-2010-2937.patch
CVE-2010-3907.diff
cdg-heap-overflow.diff
xml-heap-corruption.diff
+mkv-input-validation.diff
--
VLC media player packaging
More information about the pkg-multimedia-commits
mailing list