#! /bin/sh /usr/share/dpatch/dpatch-run
## 03_SECURITY_ffmpeg_audio_overflow.dpatch by Marc Deslauriers <marc.deslauriers@ubuntu.com>
## All lines beginning with `## DP:' are a description of the patch.
## DP: Description: fix integer overflow in the ffmpeg audio decoder
## DP: Patch: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=0779a86cae2827b3325177b792b0fe1dc5b5706d;style=gitweb
9
diff -urNad xine-lib-1.1.15~/src/combined/ffmpeg/ff_audio_decoder.c xine-lib-1.1.15/src/combined/ffmpeg/ff_audio_decoder.c
10
--- xine-lib-1.1.15~/src/combined/ffmpeg/ff_audio_decoder.c 2008-07-15 19:13:03.000000000 -0400
11
+++ xine-lib-1.1.15/src/combined/ffmpeg/ff_audio_decoder.c 2009-01-15 09:48:39.000000000 -0500
14
if (extradata + data_len > this->size)
15
break; /* abort early - extradata length is bad */
16
+ if (extradata > INT_MAX - data_len)
17
+ break;/*integer overflow*/
19
this->context->extradata_size = data_len;
20
this->context->extradata = malloc(this->context->extradata_size +