~ubuntu-branches/ubuntu/lucid/ffmpeg-extra/lucid

« back to all changes in this revision

Viewing changes to debian/patches/security/libavcodec/vorbis_dec/0005-Check-classbook-value.patch

Committer: Bazaar Package Importer
Author(s): Reinhard Tartler
Date: 2009-11-10 13:18:24 UTC
Revision ID: james.westby@ubuntu.com-20091110131824-ddrnmcvt76dcb8gk

Tags: 4:0.5+svn20090706-2ubuntu4

merge from 'ffmpeg' package

files added:
debian/patches/security

debian/patches/security/libavcodec

debian/patches/security/libavcodec/ffv1

debian/patches/security/libavcodec/ffv1/0001-Fix-a-possibly-exploitable-buffer-overflow.patch

debian/patches/security/libavcodec/h264

debian/patches/security/libavcodec/h264/0001-Check-num_units_in_tick-time_scale-to-be-valid-and-w.patch

debian/patches/security/libavcodec/mpegaudiodec

debian/patches/security/libavcodec/mpegaudiodec/0001-check-data_size-in-decode_frame.patch

debian/patches/security/libavcodec/mpegaudiodec/0002-Check-data_size-in-decode_frame_mp3on4.patch

debian/patches/security/libavcodec/mpegaudiodec/0003-Set-data_size-to-0-to-avoid-having-it-uninitialized.patch

debian/patches/security/libavcodec/vorbis_dec

debian/patches/security/libavcodec/vorbis_dec/0001-Check-dimensions-against-0-too.patch

debian/patches/security/libavcodec/vorbis_dec/0002-typo.patch

debian/patches/security/libavcodec/vorbis_dec/0003-Sanity-checks-for-magnitude-and-angle.patch

debian/patches/security/libavcodec/vorbis_dec/0004-Fix-book_idx-check.patch

debian/patches/security/libavcodec/vorbis_dec/0005-Check-classbook-value.patch

debian/patches/security/libavcodec/vorbis_dec/0006-Add-checks-for-per-packet-mode-indexes-and-per-heade.patch

debian/patches/security/libavcodec/vorbis_dec/0007-Check-masterbook-index-and-subclass-book-index.patch

debian/patches/security/libavcodec/vorbis_dec/0008-Check-res_setup-books.patch

debian/patches/security/libavcodec/vorbis_dec/0009-Check-begin-end-partition_size.patch

debian/patches/security/libavcodec/vorbis_dec/0010-Make-error-return-sign-consistent.patch

debian/patches/security/libavcodec/vorbis_dec/0011-Check-submap-indexes.patch

debian/patches/security/libavcodec/vorbis_dec/0012-Fix-format-string-to-match-the-types-printed.patch

debian/patches/security/libavcodec/vp3

debian/patches/security/libavcodec/vp3/0001-Fix-init_get_bits-buffer-size.patch

debian/patches/security/libavcodec/vp3/0003-Make-sure-that-all-memory-allocations-succeed.patch

debian/patches/security/libavformat

debian/patches/security/libavformat/mov

debian/patches/security/libavformat/mov/0000-MOV-Support-stz2-Compact-Sample-Size-Box.patch

debian/patches/security/libavformat/mov/0001-check-entries-against-field_size-potential-malloc-ov.patch

debian/patches/security/libavformat/mov/0002-add-one-missing-check-for-stream-existence-in-read_e.patch

debian/patches/security/libavformat/mov/0003-check-stream-existence-before-assignment-fix-1222.patch

debian/patches/security/libavformat/oggdec

debian/patches/security/libavformat/oggdec/0001-Disable-parsing-for-ogg-streams-where-no-ogg-header-.patch

debian/patches/security/libavformat/oggparsevorbis

debian/patches/security/libavformat/oggparsevorbis/0001-Fix-possible-buffer-over-read-in-vorbis_comment-fix-.patch

files modified:
debian/changelog

debian/gbp.conf

debian/patches/series

Show diffs side-by-side

added added

removed removed

debian/patches/security/libavcodec/vorbis_dec/0005-Check-classbook-value.patch

From 093a791b172df483199fe81ac59ffcdbb63bf6c7 Mon Sep 17 00:00:00 2001

From: michael <michael@9553f0bf-9b14-0410-a0b8-cfaf0461ba5b>

Date: Wed, 23 Sep 2009 12:02:31 +0000

Subject: [PATCH 05/12] Check classbook value.

11_vorbis_residue_book_index.patch by chrome.

git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19989 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

---

libavcodec/vorbis_dec.c | 4 ++++

1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c

index ce5a139..2d5e610 100644

--- a/libavcodec/vorbis_dec.c

+++ b/libavcodec/vorbis_dec.c

@@ -630,6 +630,10 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){

res_setup->partition_size=get_bits(gb, 24)+1;

res_setup->classifications=get_bits(gb, 6)+1;

res_setup->classbook=get_bits(gb, 8);

+ if (res_setup->classbook>=vc->codebook_count) {

+ av_log(vc->avccontext, AV_LOG_ERROR, "classbook value %d out of range. \n", res_setup->classbook);

+ return 1;

+ }

AV_DEBUG(" begin %d end %d part.size %d classif.s %d classbook %d \n", res_setup->begin, res_setup->end, res_setup->partition_size,

res_setup->classifications, res_setup->classbook);

1.6.3.3

Older »