avs
/
avs_mtk_voice
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
avs_mtk_voice/meta/meta-openembedded/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-960...

42 lines
1.6 KiB
Diff
Raw Blame History

From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Wed, 13 May 2015 16:30:53 +0800
Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603
Upstream-Status: Backport
Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c
and vmdvideo.c. Becuase source code changes, just partly backport commit which
is applicable to version 0.10.13 to fix CVE-2014-9603.
http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
Signed-off-by: Kai Kang <kai.kang@windriver.com>
---
gst-libs/ext/libav/libavcodec/vmdav.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/gst-libs/ext/libav/libavcodec/vmdav.c b/gst-libs/ext/libav/libavcodec/vmdav.c
index d258252..ba88ad8 100644
--- a/gst-libs/ext/libav/libavcodec/vmdav.c
+++ b/gst-libs/ext/libav/libavcodec/vmdav.c
@@ -294,10 +294,13 @@ static void vmd_decode(VmdVideoContext *s)
len = *pb++;
if (len & 0x80) {
len = (len & 0x7F) + 1;
- if (*pb++ == 0xFF)
+ if (*pb++ == 0xFF) {
len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs);
- else
+ } else {
+ if (ofs + len > frame_width)
+ return;
memcpy(&dp[ofs], pb, len);
+ }
pb += len;
ofs += len;
} else {
--
1.9.1
Reference in New Issue View Git Blame Copy Permalink