vlc: 1.1.5 -> 1.1.6

Thomas Penteker 2011-01-24 18:23:39 +01:00
parent a777579800
commit fc6dce3e8f
4 changed files with 7 additions and 73 deletions


@ -93,9 +93,9 @@ lrwxrwxrwx root/root usr/lib/libvlc.so -> libvlc.so.5.2.0
lrwxrwxrwx root/root usr/lib/libvlc.so.5 -> libvlc.so.5.2.0
-rwxr-xr-x root/root usr/lib/libvlc.so.5.2.0
-rwxr-xr-x root/root usr/lib/libvlccore.la
lrwxrwxrwx root/root usr/lib/libvlccore.so -> libvlccore.so.4.0.1
lrwxrwxrwx root/root usr/lib/libvlccore.so.4 -> libvlccore.so.4.0.1
-rwxr-xr-x root/root usr/lib/libvlccore.so.4.0.1
lrwxrwxrwx root/root usr/lib/libvlccore.so -> libvlccore.so.4.0.2
lrwxrwxrwx root/root usr/lib/libvlccore.so.4 -> libvlccore.so.4.0.2
-rwxr-xr-x root/root usr/lib/libvlccore.so.4.0.2
drwxr-xr-x root/root usr/lib/pkgconfig/
-rw-r--r-- root/root usr/lib/pkgconfig/libvlc.pc
-rw-r--r-- root/root usr/lib/pkgconfig/vlc-plugin.pc


@ -1,2 +1 @@
6a70d4161bad4e2630176999a4a04465 fix-heap-corruption.diff
fdc23693351ed57af9f4c85ea885b536 vlc-1.1.5.tar.bz2
c47f3ebc886f2aff8c95b98c564d1759 vlc-1.1.6.tar.bz2


@ -5,19 +5,13 @@
# Depends on: libmad, ffmpeg, qt4, libdvdnav, alsa-lib, liba52, libgcrypt
name=vlc
version=1.1.5
release=2
source=(http://download.videolan.org/pub/videolan/$name/$version/$name-$version.tar.bz2 \
fix-heap-corruption.diff)
version=1.1.6
release=1
source=(http://download.videolan.org/pub/videolan/$name/$version/$name-$version.tar.bz2)
build() {
cd $name-$version
# See
# http://git.videolan.org/?p=vlc.git;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
# for details
patch -i $SRC/fix-heap-corruption.diff -p1
./configure --prefix=/usr \
--disable-nls \
--disable-fribidi \
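Review bot: Dropping the `patch -i $SRC/fix-heap-corruption.diff -p1` step from build() is only safe if the 1.1.6 tarball already contains upstream commit f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab (the CDG decoder heap-overflow fix), and nothing in this change records that this was checked. Once confirmed against modules/codec/cdg.c in the new tarball, a comment such as `# CDG heap overflow fix (upstream f9b664ea) is included in 1.1.6` or a line in the commit message would keep that audit trail. Separately, the `source=` URL is plain `http://` and the only integrity pin visible here is the MD5 in the checksum file, which is not collision-resistant and proves nothing if it was computed from an already tampered download. Comparing the tarball against an upstream-published digest or signature before updating the checksum would close that gap. build() continues past the end of this hunk.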


@ -1,59 +0,0 @@
From f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab Mon Sep 17 00:00:00 2001
From: Dan Rosenberg <drosenberg@vsecurity.com>
Date: Fri, 7 Jan 2011 11:06:08 -0500
Subject: [PATCH] Fix heap overflows in CDG decoder
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
This patch resolves two heap corruption vulnerabilities in the CDG
decoder for VLC media player. In both cases, a failure to properly
validate indexes into statically-sized arrays on the heap could allow a
maliciously crafted CDG video to corrupt the heap in a controlled
manner, potentially leading to code execution.
The patch is against v1.1.5 from vlc git, but this decoder hasn't been
touched in awhile, so I'd expect it to cleanly apply to older versions.
I've tested it and confirmed it resolves the heap corruption issues and
does not break functionality.
(...)
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
---
modules/codec/cdg.c | 12 +++++++++---
1 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/modules/codec/cdg.c b/modules/codec/cdg.c
index 31ecd0e..fe7b62d 100644
--- a/modules/codec/cdg.c
+++ b/modules/codec/cdg.c
@@ -254,7 +254,13 @@ static int DecodeTileBlock( decoder_sys_t *p_cdg, const uint8_t *p_data, int doX
for( x = 0; x < 6; x++ )
{
const int idx = ( p_data[4+y] >> (5-x) ) & 0x01;
- uint8_t *p = &p_cdg->p_screen[(sy+y)*CDG_SCREEN_PITCH+(sx+x)];
+
+ int index = (sy+y)*CDG_SCREEN_PITCH+(sx+x);
+ if( index >= CDG_SCREEN_PITCH*CDG_SCREEN_HEIGHT )
+ return 0;
+
+ uint8_t *p = &p_cdg->p_screen[index];
+
if( doXor )
*p ^= p_color[idx];
else
@@ -319,8 +325,8 @@ static int DecodeScroll( decoder_sys_t *p_cdg, const uint8_t *p_data, int b_copy
if( b_copy )
{
- dy = ( dy + CDG_SCREEN_HEIGHT ) % CDG_SCREEN_HEIGHT;
- dy = ( dy + CDG_SCREEN_WIDTH ) % CDG_SCREEN_WIDTH;
+ dy %= CDG_SCREEN_HEIGHT;
+ dx %= CDG_SCREEN_WIDTH;
}
else
{
--
1.7.2.3