[SCM] vlc/lucid: Fix realloc() integer overflow
bdrung at users.alioth.debian.org
Sat Jun 11 19:38:46 UTC 2011
The following commit has been merged in the lucid branch:
commit 1bbd69eaee27f3cfebebde3387634bd24d4caa86
Author: Benjamin Drung <bdrung at debian.org>
Date: Sat Jun 11 21:25:04 2011 +0200
Fix realloc() integer overflow
diff --git a/debian/patches/fix-xspf-integer-overflow.patch b/debian/patches/fix-xspf-integer-overflow.patch
new file mode 100644
index 0000000..e40edbc
--- /dev/null
+++ b/debian/patches/fix-xspf-integer-overflow.patch
@@ -0,0 +1,16 @@
+From: Rémi Denis-Courmont <remi at remlab.net>
+Subject: XSPF: fix realloc() integer overflow
+Origin: upstream, http://git.videolan.org/?p=vlc/vlc-1.1.git;a=commit;h=74d34b63fdda947c4e92f19e43cac0c51aabc4d7
+
+--- a/modules/demux/playlist/xspf.c
++++ b/modules/demux/playlist/xspf.c
+@@ -504,7 +504,8 @@
+ }
+ free( psz_uri );
+
+- if( p_sys->i_track_id < 0 )
++ if( p_sys->i_track_id < 0
++ || p_sys->i_track_id >= (SIZE_MAX / sizeof(p_new_input)) )
+ {
+ input_item_node_AppendNode( p_input_node, p_new_node );
+ vlc_gc_decref( p_new_input );
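Review bot: In the added condition `p_sys->i_track_id >= (SIZE_MAX / sizeof(p_new_input))`, the divisor is the size of the local pointer `p_new_input`, and the realloc() named in the subject lies outside the three lines of context, so the hunk alone does not show that this matches the element size used in the allocation. Expressing the bound in terms of the element type of the array being resized would keep the check and the allocation from drifting apart. The comparison also depends on the preceding `p_sys->i_track_id < 0` test short-circuiting before the value is compared against an unsigned quantity, which deserves a one-line comment. Note that the bound only stops the size computation from wrapping; it does not limit how large an allocation a track id taken from the playlist can request, so a smaller, explicit cap on the track id may be worth considering.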
diff --git a/debian/patches/series b/debian/patches/series
index b2b6129..d1b5d19 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -22,3 +22,4 @@ xml-heap-corruption.diff
mkv-input-validation.diff
CVE-2010-327x.patch
CVE-2011-1684.patch
+fix-xspf-integer-overflow.patch
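Review bot: The new `fix-xspf-integer-overflow.patch` line in the series file arrives, in the diff as shown, without a matching debian/changelog entry, and the commit subject "Fix realloc() integer overflow" does not say which module is affected. Adding a changelog line that names the XSPF playlist demuxer and the upstream commit already cited in the patch's Origin field would let someone auditing the lucid branch tell which fix this is without opening the patch.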
--
VLC media player packaging