From ef95eee68fc4cb7e5a330c477d90e9bdcfa7452c Mon Sep 17 00:00:00 2001 From: Martin Wilke Date: Mon, 16 Mar 2009 19:38:08 +0000 Subject: [PATCH] - Fix 4xm Processing Memory Corruption Vulnerability - Bump PORTREVISON PR: 132434 Submitted by: Eygene Ryabinkin Security: http://www.vuxml.org/freebsd/6733e1bf-125f-11de-a964-0030843d3802.html --- multimedia/ffmpeg/Makefile | 2 +- multimedia/ffmpeg/files/patch-tkadv2009-004 | 17 +++++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) create mode 100644 multimedia/ffmpeg/files/patch-tkadv2009-004 diff --git a/multimedia/ffmpeg/Makefile b/multimedia/ffmpeg/Makefile index 2d986cf25f7f..1bf86fd9d34e 100644 --- a/multimedia/ffmpeg/Makefile +++ b/multimedia/ffmpeg/Makefile @@ -7,7 +7,7 @@ PORTNAME= ffmpeg DISTVERSION= 2008-07-27 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= multimedia audio ipv6 net MASTER_SITES= ${MASTER_SITE_LOCAL} MASTER_SITE_SUBDIR= ahze diff --git a/multimedia/ffmpeg/files/patch-tkadv2009-004 b/multimedia/ffmpeg/files/patch-tkadv2009-004 new file mode 100644 index 000000000000..9aeb49b8ee8e --- /dev/null +++ b/multimedia/ffmpeg/files/patch-tkadv2009-004 @@ -0,0 +1,17 @@ +--- libavformat/4xm.c.orig 2008-06-03 20:20:54.000000000 +0400 ++++ libavformat/4xm.c 2009-03-08 23:38:44.000000000 +0300 +@@ -163,10 +163,12 @@ + return AVERROR_INVALIDDATA; + } + current_track = AV_RL32(&header[i + 8]); ++ if((unsigned)current_track >= UINT_MAX / sizeof(AudioTrack) - 1){ ++ av_log(s, AV_LOG_ERROR, "current_track too large\n"); ++ return -1; ++ } + if (current_track + 1 > fourxm->track_count) { + fourxm->track_count = current_track + 1; +- if((unsigned)fourxm->track_count >= UINT_MAX / sizeof(AudioTrack)) +- return -1; + fourxm->tracks = av_realloc(fourxm->tracks, + fourxm->track_count * sizeof(AudioTrack)); + if (!fourxm->tracks) {