~ubuntu-branches/ubuntu/intrepid/xine-lib/intrepid-updates

« back to all changes in this revision

Viewing changes to debian/patches/04_SECURITY_cdda_server_overflow.dpatch

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-01-21 08:32:25 UTC
  • Revision ID: james.westby@ubuntu.com-20090121083225-gca4jd9ig6r7qv2b
Tags: 1.1.15-0ubuntu3.1
* SECURITY UPDATE: backported security fixes from upstream xine-lib hg repo:
  - debian/patches/01_SECURITY_invalid_track_type.dpatch: Avoid segfault on
    invalid track type in Matroska files.
  - debian/patches/02_SECURITY_ffmpeg_video_overflow.dpatch: Heap buffer
    overflow in the ffmpeg video decoder.
  - debian/patches/03_SECURITY_ffmpeg_audio_overflow.dpatch: Integer overflow
    in the ffmpeg audio decoder
  - debian/patches/04_SECURITY_cdda_server_overflow.dpatch: Integer overflow
    in the the CDDA server.
  - debian/patches/05_SECURITY_CVE-2008-5234.dpatch: Heap overflow and
    unchecked malloc in Quicktime atom parsing. (CVE-2008-5234, CVE-2008-5242)
  - debian/patches/06_SECURITY_CVE-2008-5236.dpatch: Buffer overflows in
    Matroska, Real and RealAudio demuxers. (CVE-2008-5236)
  - debian/patches/07_SECURITY_CVE-2008-5237.dpatch: Integer overflows in
    MNG and QT demuxers. (CVE-2008-5237)
  - debian/patches/08_SECURITY_CVE-2008-5239.dpatch: Out-of-bounds reads and
    heap-based buffer overflows from unchecked or incompletely-checked read
    function results. (CVE-2008-5239)
  - debian/patches/09_SECURITY_CVE-2008-5240.dpatch: Unchecked malloc using
    untrusted values. (CVE-2008-5240)
  - debian/patches/10_SECURITY_CVE-2008-5241.dpatch: Integer underflow in qt
    compressed atom handling. (CVE-2008-5241)
  - debian/patches/11_SECURITY_CVE-2008-5243.dpatch: Buffer indexing using
    untrusted or unchecked values. (CVE-2008-5243)

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
#! /bin/sh /usr/share/dpatch/dpatch-run
 
2
## 04_SECURITY_cdda_server_overflow.dpatch by Marc Deslauriers <marc.deslauriers@ubuntu.com>
 
3
##
 
4
## All lines beginning with `## DP:' are a description of the patch.
 
5
## DP: Description: fix integer overflow in the CDDA server.
 
6
## DP: Patch: http://hg.debian.org/hg/xine-lib/xine-lib?cmd=changeset;node=30eb014e9b320035de309ee442ebbff6d405987b;style=gitweb
 
7
 
 
8
@DPATCH@
 
9
diff -urNad xine-lib-1.1.15~/misc/cdda_server.c xine-lib-1.1.15/misc/cdda_server.c
 
10
--- xine-lib-1.1.15~/misc/cdda_server.c 2008-04-28 09:30:54.000000000 -0400
 
11
+++ xine-lib-1.1.15/misc/cdda_server.c  2009-01-15 09:49:54.000000000 -0500
 
12
@@ -480,6 +480,12 @@
 
13
 
 
14
         sscanf(cmd,"%*s %d %d", &start_frame, &num_frames);
 
15
 
 
16
+        if (num_frames > INT_MAX / CD_RAW_FRAME_SIZE)
 
17
+        {
 
18
+          printf ("fatal error: integer overflow\n");
 
19
+          exit (1);
 
20
+        }
 
21
+
 
22
         n = num_frames * CD_RAW_FRAME_SIZE;
 
23
         buf = malloc( n );
 
24
         if( !buf )
 
25
@@ -556,6 +562,11 @@
 
26
         char *buf;
 
27
 
 
28
         sscanf(cmd,"%*s %d %d", &blocks, &flags);
 
29
+        if (blocks > INT_MAX / DVD_BLOCK_SIZE)
 
30
+        {
 
31
+          printf ("fatal error: integer overflow\n");
 
32
+          exit (1);
 
33
+        }
 
34
 
 
35
         n = blocks * DVD_BLOCK_SIZE;
 
36
         buf = malloc( n );