FreeBSD Bugzilla – Attachment 84263 Details for
Bug 120230
Fix remote vulnerabilities of multimedia/mplayer and multimedia/mencoder
[patch]
file.diff
file.diff (text/plain), 4.02 KB, created by
Thomas E. Zander
on 2008-02-03 00:00:04 UTC
Description:
file.diff
Filename:
MIME Type:
Creator:
Thomas E. Zander
Created:
2008-02-03 00:00:04 UTC
Size:
4.02 KB
patch
obsolete
>diff -ruN /usr/ports/multimedia/mplayer/Makefile mplayer/Makefile
>--- /usr/ports/multimedia/mplayer/Makefile 2008-01-23 18:47:02.000000000 +0800
>+++ mplayer/Makefile 2008-02-02 21:06:36.000000000 +0800
>@@ -7,7 +7,7 @@
>
> PORTNAME= mplayer
> PORTVERSION= ${MPLAYER_PORT_VERSION}
>-PORTREVISION= 1
>+PORTREVISION= 2
>
> COMMENT= High performance media player supporting many formats
>
>diff -ruN /usr/ports/multimedia/mplayer/files/patch-overflows-20080202 mplayer/files/patch-overflows-20080202
>--- /usr/ports/multimedia/mplayer/files/patch-overflows-20080202 1970-01-01 08:00:00.000000000 +0800
>+++ mplayer/files/patch-overflows-20080202 2008-02-02 21:04:53.000000000 +0800
>@@ -0,0 +1,98 @@
>+--- libmpdemux/demux_audio.c.orig 2007-10-08 03:49:33.000000000 +0800
>++++ libmpdemux/demux_audio.c 2008-02-02 21:01:44.000000000 +0800
>+@@ -229,6 +229,8 @@
>+ ptr += 4;
>+
>+ comment = ptr;
>++ if (&comment[length] < comments || &comment[length] >= &comments[blk_len])
>++ return;
>+ c = comment[length];
>+ comment[length] = 0;
>+
>+--- libmpdemux/demux_mov.c.orig 2007-10-08 03:49:33.000000000 +0800
>++++ libmpdemux/demux_mov.c 2008-02-02 21:01:48.000000000 +0800
>+@@ -173,11 +173,12 @@
>+ i=trak->chunkmap_size;
>+ while(i>0){
>+ --i;
>+- for(j=trak->chunkmap[i].first;j<last;j++){
>++ j=FFMAX(trak->chunkmap[i].first, 0);
>++ for(;j<last;j++){
>+ trak->chunks[j].desc=trak->chunkmap[i].sdid;
>+ trak->chunks[j].size=trak->chunkmap[i].spc;
>+ }
>+- last=trak->chunkmap[i].first;
>++ last=FFMIN(trak->chunkmap[i].first, trak->chunks_size);
>+ }
>+
>+ #if 0
>+@@ -235,6 +236,8 @@
>+ s=0;
>+ for(j=0;j<trak->durmap_size;j++){
>+ for(i=0;i<trak->durmap[j].num;i++){
>++ if (s >= trak->samples_size)
>++ break;
>+ trak->samples[s].pts=pts;
>+ ++s;
>+ pts+=trak->durmap[j].dur;
>+@@ -246,6 +249,8 @@
>+ for(j=0;j<trak->chunks_size;j++){
>+ off_t pos=trak->chunks[j].pos;
>+ for(i=0;i<trak->chunks[j].size;i++){
>++ if (s >= trak->samples_size)
>++ break;
>+ trak->samples[s].pos=pos;
>+ mp_msg(MSGT_DEMUX, MSGL_DBG3, "Sample %5d: pts=%8d off=0x%08X size=%d\n",s,
>+ trak->samples[s].pts,
>+@@ -1568,8 +1573,7 @@
>+ if( udta_len>udta_size)
>+ udta_len=udta_size;
>+ {
>+- char dump[udta_len-4];
>+- stream_read(demuxer->stream, (char *)&dump, udta_len-4-4);
>++ stream_skip(demuxer->stream, udta_len-4-4);
>+ udta_size -= udta_len;
>+ }
>+ }
>+--- stream/url.c.orig 2007-10-08 03:49:26.000000000 +0800
>++++ stream/url.c 2008-02-02 21:00:22.000000000 +0800
>+@@ -328,6 +328,7 @@
>+ }
>+ }
>+
>++ tmp = NULL;
>+ while(i < len) {
>+ // look for the next char that must be kept
>+ for (j=i;j<len;j++) {
>+--- stream/stream_cddb.c.orig 2007-10-08 03:49:26.000000000 +0800
>++++ stream/stream_cddb.c 2008-02-02 21:02:51.000000000 +0800
>+@@ -53,6 +53,7 @@
>+ #include "version.h"
>+ #include "stream.h"
>+ #include "network.h"
>++#include "libavutil/intreadwrite.h"
>+
>+ #define DEFAULT_FREEDB_SERVER "freedb.freedb.org"
>+ #define DEFAULT_CACHE_DIR "/.cddb/"
>+@@ -453,8 +454,9 @@
>+ } else {
>+ len = ptr2-ptr+1;
>+ }
>++ len = FFMIN(sizeof(album_title) - 1, len);
>+ strncpy(album_title, ptr, len);
>+- album_title[len-2]='\0';
>++ album_title[len]='\0';
>+ }
>+ mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
>+ return 0;
>+@@ -490,8 +492,9 @@
>+ } else {
>+ len = ptr2-ptr+1;
>+ }
>++ len = FFMIN(sizeof(album_title) - 1, len);
>+ strncpy(album_title, ptr, len);
>+- album_title[len-2]='\0';
>++ album_title[len]='\0';
>+ }
>+ mp_msg(MSGT_DEMUX, MSGL_STATUS, MSGTR_MPDEMUX_CDDB_ParseOKFoundAlbumTitle, album_title);
>+ return cddb_request_titles(cddb_data);
>diff -ruN /usr/ports/multimedia/mencoder/Makefile mencoder/Makefile
>--- /usr/ports/multimedia/mencoder/Makefile 2007-12-16 13:05:09.000000000 +0800
>+++ mencoder/Makefile 2008-02-02 21:06:56.000000000 +0800
>@@ -6,6 +6,7 @@
>
> PORTNAME= mencoder
> PORTVERSION= ${MPLAYER_PORT_VERSION}
>+PORTREVISION= 1
> COMMENT= Convenient video file and movie encoder
> RESTRICTED= Port has restricted dependencies
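Review bot: In the libmpdemux/demux_audio.c hunk (`@@ -229,6 +229,8 @@`), the added guard validates `length` by first forming `&comment[length]` and then comparing pointers, and forming a pointer outside the `comments` block is itself undefined in C, so a compiler is allowed to drop the `< comments` half of the test. Comparing the count with the bytes that remain avoids that, e.g. `if (length < 0 || length >= &comments[blk_len] - comment) return;` (the first clause is only needed if `length` is signed; its declaration is outside the hunk). The hunk also does not show whether the four bytes consumed by `ptr += 4` were checked against `blk_len` before the length was read from them, which is worth confirming in the enclosing function.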
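Review bot: In the last libmpdemux/demux_mov.c hunk (`@@ -1568,8 +1573,7 @@`), `udta_len-4-4` is still passed on without a lower bound: the visible lines cap `udta_len` at `udta_size`, but nothing shown rejects values below 8, so the skip count can go negative or wrap depending on the variable's type. Replacing the variable-length `dump` array with `stream_skip` removes the stack write, yet a guard such as `if (udta_len < 8) break;` ahead of the skip would keep a malformed atom from producing a bogus skip or a pass that makes no progress through `udta_size`. The enclosing block starts and ends outside the hunk, so an earlier check may already exist, and `break` assumes this code sits inside the parsing loop.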
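Review bot: In the two stream/stream_cddb.c hunks (`@@ -453,8 +454,9 @@` and `@@ -490,8 +492,9 @@`), moving the terminator from `album_title[len-2]` to `album_title[len]` changes the stored title as well as the bounds: in the visible `else` branch `len = ptr2-ptr+1`, so the old code cut the last two copied bytes and the new code keeps them, which may leave the trailing delimiter in the logged title. If the trim was intended, keep it after the clamp with `album_title[len >= 2 ? len - 2 : 0]='\0';`; if not, a short comment saying the delimiter is kept on purpose would help. `FFMIN(sizeof(album_title) - 1, len)` also compares a `size_t` with `len`, whose declaration is outside the hunk; should `len` be a signed int, a negative value converts to a large unsigned one and is clamped to the buffer size, which protects the destination but is easy to misread. The two blocks are identical and would be easier to keep correct as one helper.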