| From dc68faf8339a885bc55fabe5b01f1de4f8f3782c Mon Sep 17 00:00:00 2001 |
| From: Kai Kang <kai.kang@windriver.com> |
| Date: Wed, 13 May 2015 16:30:53 +0800 |
| Subject: [PATCH 1/2] gst-ffmpeg: fix CVE-2014-9603 |
| |
| Upstream-Status: Backport |
| |
| Upstream is version 2.x and vmdav.c is splitted into 2 files vmdaudio.c |
| and vmdvideo.c. Becuase source code changes, just partly backport commit which |
| is applicable to version 0.10.13 to fix CVE-2014-9603. |
| |
| http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd |
| |
| Signed-off-by: Kai Kang <kai.kang@windriver.com> |
| --- |
| gst-libs/ext/libav/libavcodec/vmdav.c | 7 +++++-- |
| 1 file changed, 5 insertions(+), 2 deletions(-) |
| |
| diff --git a/gst-libs/ext/libav/libavcodec/vmdav.c b/gst-libs/ext/libav/libavcodec/vmdav.c |
| index d258252..ba88ad8 100644 |
| --- a/gst-libs/ext/libav/libavcodec/vmdav.c |
| +++ b/gst-libs/ext/libav/libavcodec/vmdav.c |
| @@ -294,10 +294,13 @@ static void vmd_decode(VmdVideoContext *s) |
| len = *pb++; |
| if (len & 0x80) { |
| len = (len & 0x7F) + 1; |
| - if (*pb++ == 0xFF) |
| + if (*pb++ == 0xFF) { |
| len = rle_unpack(pb, &dp[ofs], len, frame_width - ofs); |
| - else |
| + } else { |
| + if (ofs + len > frame_width) |
| + return; |
| memcpy(&dp[ofs], pb, len); |
| + } |
| pb += len; |
| ofs += len; |
| } else { |
| -- |
| 1.9.1 |
| |