forked from Lainports/freebsd-ports
- Fix 4xm Processing Memory Corruption Vulnerability
- Bump PORTREVISON PR: 132434 Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> Security: http://www.vuxml.org/freebsd/6733e1bf-125f-11de-a964-0030843d3802.html
This commit is contained in:
Martin Wilke
parent
9f12e0ff02
commit
ef95eee68f
2 changed files with 18 additions and 1 deletions
|
|
@ -7,7 +7,7 @@
|
|||
|
||||
PORTNAME= ffmpeg
|
||||
DISTVERSION= 2008-07-27
|
||||
PORTREVISION= 8
|
||||
PORTREVISION= 9
|
||||
CATEGORIES= multimedia audio ipv6 net
|
||||
MASTER_SITES= ${MASTER_SITE_LOCAL}
|
||||
MASTER_SITE_SUBDIR= ahze
|
||||
|
|
|
|||
17
multimedia/ffmpeg/files/patch-tkadv2009-004
Normal file
17
multimedia/ffmpeg/files/patch-tkadv2009-004
Normal file
|
|
@ -0,0 +1,17 @@
|
|||
--- libavformat/4xm.c.orig 2008-06-03 20:20:54.000000000 +0400
|
||||
+++ libavformat/4xm.c 2009-03-08 23:38:44.000000000 +0300
|
||||
@@ -163,10 +163,12 @@
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
current_track = AV_RL32(&header[i + 8]);
|
||||
+ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){
|
||||
+ av_log(s, AV_LOG_ERROR, "current_track too large\n");
|
||||
+ return -1;
|
||||
+ }
|
||||
if (current_track + 1 > fourxm->track_count) {
|
||||
fourxm->track_count = current_track + 1;
|
||||
- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack))
|
||||
- return -1;
|
||||
fourxm->tracks = av_realloc(fourxm->tracks,
|
||||
fourxm->track_count * sizeof(AudioTrack));
|
||||
if (!fourxm->tracks) {
|
||||
Loading…
Add table
Reference in a new issue