Attachment #84263 for bug #120230

View | Details | Raw Unified | Return to bug 120230
Collapse All | Expand All

Lines 7-13 Link Here

(-)mplayer/Makefile (-1 / +1 lines)
7		7
8	PORTNAME= mplayer	8	PORTNAME= mplayer
9	PORTVERSION= ${MPLAYER_PORT_VERSION}	9	PORTVERSION= ${MPLAYER_PORT_VERSION}
10	PORTREVISION= 1	10	PORTREVISION= 2
11		11
12	COMMENT= High performance media player supporting many formats	12	COMMENT= High performance media player supporting many formats
13		13




--- libmpdemux/demux_audio.c.orig	2007-10-08 03:49:33.000000000 +0800
+++ libmpdemux/demux_audio.c	2008-02-02 21:01:44.000000000 +0800
@@ -229,6 +229,8 @@
           ptr += 4;
 
           comment = ptr;
+          if (&comment[length] < comments || &comment[length] >= &comments[blk_len])
+            return;
           c = comment[length];
           comment[length] = 0;
 
--- libmpdemux/demux_mov.c.orig	2007-10-08 03:49:33.000000000 +0800
+++ libmpdemux/demux_mov.c	2008-02-02 21:01:48.000000000 +0800
@@ -173,11 +173,12 @@
     i=trak->chunkmap_size;
     while(i>0){
 	--i;
-	for(j=trak->chunkmap[i].first;j<last;j++){
+	j=FFMAX(trak->chunkmap[i].first, 0);
+	for(;j<last;j++){
 	    trak->chunks[j].desc=trak->chunkmap[i].sdid;
 	    trak->chunks[j].size=trak->chunkmap[i].spc;
 	}
-	last=trak->chunkmap[i].first;
+	last=FFMIN(trak->chunkmap[i].first, trak->chunks_size);
     }
 
 #if 0
@@ -235,6 +236,8 @@
     s=0;
     for(j=0;j<trak->durmap_size;j++){
 	for(i=0;i<trak->durmap[j].num;i++){
+	    if (s >= trak->samples_size)
+		break;
 	    trak->samples[s].pts=pts;
 	    ++s;
 	    pts+=trak->durmap[j].dur;
@@ -246,6 +249,8 @@
     for(j=0;j<trak->chunks_size;j++){
 	off_t pos=trak->chunks[j].pos;
 	for(i=0;i<trak->chunks[j].size;i++){
+	    if (s >= trak->samples_size)
+		break;
 	    trak->samples[s].pos=pos;
 	    mp_msg(MSGT_DEMUX, MSGL_DBG3, "Sample %5d: pts=%8d  off=0x%08X  size=%d\n",s,
 		trak->samples[s].pts,
@@ -1568,8 +1573,7 @@
 			if( udta_len>udta_size)
 				udta_len=udta_size;
 			{
-			char dump[udta_len-4];
-			stream_read(demuxer->stream, (char *)&dump, udta_len-4-4);
+			stream_skip(demuxer->stream, udta_len-4-4);
 			udta_size -= udta_len;
 			}
 		    }
--- stream/url.c.orig	2007-10-08 03:49:26.000000000 +0800
+++ stream/url.c	2008-02-02 21:00:22.000000000 +0800
@@ -328,6 +328,7 @@
 		}
 	}
 	
+	tmp = NULL;
 	while(i < len) {
 		// look for the next char that must be kept
 		for  (j=i;j<len;j++) {
--- stream/stream_cddb.c.orig	2007-10-08 03:49:26.000000000 +0800
+++ stream/stream_cddb.c	2008-02-02 21:02:51.000000000 +0800
@@ -53,6 +53,7 @@
 #include "version.h"
 #include "stream.h"
 #include "network.h"
+#include "libavutil/intreadwrite.h"
 
 #define DEFAULT_FREEDB_SERVER	"freedb.freedb.org"
 #define DEFAULT_CACHE_DIR	"/.cddb/"
@@ -453,8 +454,9 @@
 		} else {
 			len = ptr2-ptr+1;
 		}
+		len = FFMIN(sizeof(album_title) - 1, len);
 		strncpy(album_title, ptr, len);
-		album_title[len-2]='\0';
+		album_title[len]='\0';
 	}
 	mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
 	return 0;
@@ -490,8 +492,9 @@
 				} else {
 					len = ptr2-ptr+1;
 				}
+				len = FFMIN(sizeof(album_title) - 1, len);
 				strncpy(album_title, ptr, len);
-				album_title[len-2]='\0';
+				album_title[len]='\0';
 			}
 			mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
 			return cddb_request_titles(cddb_data);

Lines 6-11 Link Here

(-)mencoder/Makefile (+1 lines)
6		6
7	PORTNAME= mencoder	7	PORTNAME= mencoder
8	PORTVERSION= ${MPLAYER_PORT_VERSION}	8	PORTVERSION= ${MPLAYER_PORT_VERSION}
		9	PORTREVISION= 1
9	COMMENT= Convenient video file and movie encoder	10	COMMENT= Convenient video file and movie encoder
10	RESTRICTED= Port has restricted dependencies	11	RESTRICTED= Port has restricted dependencies

Return to bug 120230

Line 0 Link Here

(-)mplayer/files/patch-overflows-20080202 (+98 lines)
		1	--- libmpdemux/demux_audio.c.orig 2007-10-08 03:49:33.000000000 +0800
		2	+++ libmpdemux/demux_audio.c 2008-02-02 21:01:44.000000000 +0800
		3	@@ -229,6 +229,8 @@
		4	ptr += 4;
		5
		6	comment = ptr;
		7	+ if (&comment[length] < comments \|\| &comment[length] >= &comments[blk_len])
		8	+ return;
		9	c = comment[length];
		10	comment[length] = 0;
		11
		12	--- libmpdemux/demux_mov.c.orig 2007-10-08 03:49:33.000000000 +0800
		13	+++ libmpdemux/demux_mov.c 2008-02-02 21:01:48.000000000 +0800
		14	@@ -173,11 +173,12 @@
		15	i=trak->chunkmap_size;
		16	while(i>0){
		17	--i;
		18	- for(j=trak->chunkmap[i].first;j<last;j++){
		19	+ j=FFMAX(trak->chunkmap[i].first, 0);
		20	+ for(;j<last;j++){
		21	trak->chunks[j].desc=trak->chunkmap[i].sdid;
		22	trak->chunks[j].size=trak->chunkmap[i].spc;
		23	}
		24	- last=trak->chunkmap[i].first;
		25	+ last=FFMIN(trak->chunkmap[i].first, trak->chunks_size);
		26	}
		27
		28	#if 0
		29	@@ -235,6 +236,8 @@
		30	s=0;
		31	for(j=0;j<trak->durmap_size;j++){
		32	for(i=0;i<trak->durmap[j].num;i++){
		33	+ if (s >= trak->samples_size)
		34	+ break;
		35	trak->samples[s].pts=pts;
		36	++s;
		37	pts+=trak->durmap[j].dur;
		38	@@ -246,6 +249,8 @@
		39	for(j=0;j<trak->chunks_size;j++){
		40	off_t pos=trak->chunks[j].pos;
		41	for(i=0;i<trak->chunks[j].size;i++){
		42	+ if (s >= trak->samples_size)
		43	+ break;
		44	trak->samples[s].pos=pos;
		45	mp_msg(MSGT_DEMUX, MSGL_DBG3, "Sample %5d: pts=%8d off=0x%08X size=%d\n",s,
		46	trak->samples[s].pts,
		47	@@ -1568,8 +1573,7 @@
		48	if( udta_len>udta_size)
		49	udta_len=udta_size;
		50	{
		51	- char dump[udta_len-4];
		52	- stream_read(demuxer->stream, (char *)&dump, udta_len-4-4);
		53	+ stream_skip(demuxer->stream, udta_len-4-4);
		54	udta_size -= udta_len;
		55	}
		56	}
		57	--- stream/url.c.orig 2007-10-08 03:49:26.000000000 +0800
		58	+++ stream/url.c 2008-02-02 21:00:22.000000000 +0800
		59	@@ -328,6 +328,7 @@
		60	}
		61	}
		62
		63	+ tmp = NULL;
		64	while(i < len) {
65	// look for the next char that must be kept
66	for (j=i;j<len;j++) {
67	--- stream/stream_cddb.c.orig 2007-10-08 03:49:26.000000000 +0800
68	+++ stream/stream_cddb.c 2008-02-02 21:02:51.000000000 +0800
69	@@ -53,6 +53,7 @@
70	#include "version.h"
71	#include "stream.h"
72	#include "network.h"
73	+#include "libavutil/intreadwrite.h"
74
75	#define DEFAULT_FREEDB_SERVER "freedb.freedb.org"
76	#define DEFAULT_CACHE_DIR "/.cddb/"
77	@@ -453,8 +454,9 @@
78	} else {
79	len = ptr2-ptr+1;
80	}
81	+ len = FFMIN(sizeof(album_title) - 1, len);
82	strncpy(album_title, ptr, len);
83	- album_title[len-2]='\0';
84	+ album_title[len]='\0';
85	}
86	mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
87	return 0;
88	@@ -490,8 +492,9 @@
89	} else {
90	len = ptr2-ptr+1;
91	}
92	+ len = FFMIN(sizeof(album_title) - 1, len);
93	strncpy(album_title, ptr, len);
94	- album_title[len-2]='\0';
95	+ album_title[len]='\0';
96	}
97	mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
98	return cddb_request_titles(cddb_data);