#! /bin/sh /usr/share/dpatch/dpatch-run
## 04_SECURITY_cdda_server_overflow.dpatch by Marc Deslauriers <marc.deslauriers@ubuntu.com>
## All lines beginning with `## DP:' are a description of the patch.
## DP: Description: fix integer overflow in the CDDA server.
## DP: Patch: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=30eb014e9b320035de309ee442ebbff6d405987b;style=gitweb
diff -urNad xine-lib-1.1.15~/misc/cdda_server.c xine-lib-1.1.15/misc/cdda_server.c
10
--- xine-lib-1.1.15~/misc/cdda_server.c 2008-04-28 09:30:54.000000000 -0400
11
+++ xine-lib-1.1.15/misc/cdda_server.c 2009-01-15 09:49:54.000000000 -0500
14
sscanf(cmd,"%*s %d %d", &start_frame, &num_frames);
16
+ if (num_frames > INT_MAX / CD_RAW_FRAME_SIZE)
18
+ printf ("fatal error: integer overflow\n");
22
n = num_frames * CD_RAW_FRAME_SIZE;
28
sscanf(cmd,"%*s %d %d", &blocks, &flags);
29
+ if (blocks > INT_MAX / DVD_BLOCK_SIZE)
31
+ printf ("fatal error: integer overflow\n");
35
n = blocks * DVD_BLOCK_SIZE;
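Review bot: The new guard on num_frames only bounds the positive side; a `%d` conversion can leave num_frames negative, which passes `num_frames > INT_MAX / CD_RAW_FRAME_SIZE` unchanged and makes `n = num_frames * CD_RAW_FRAME_SIZE` negative on the following line, and the same gap exists in the blocks check against DVD_BLOCK_SIZE. The guards should read `if (num_frames < 0 || num_frames > INT_MAX / CD_RAW_FRAME_SIZE)` and `if (blocks < 0 || blocks > INT_MAX / DVD_BLOCK_SIZE)`. The sscanf return value is also not checked, so a command with fewer than two numbers leaves the variables at whatever they already held before the new test runs; requiring the call to return 2 before the range check would close that path. The enclosing functions, and whatever follows each fatal-error printf, are outside the visible hunk lines, so whether the error path actually stops processing cannot be confirmed from here.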