rpms
/
mplayer
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

- security fix for CVE-2008-3827

Browse Source 
- sync with devel for F-9
el8
Dominik Mierzejewski 17 years ago
parent 543d75d1c5
commit ee7ba3f484
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File

28
mplayer-CVE-2008-3827.patch
Unescape View File

@ -0,0 +1,28 @@
Index: libmpdemux/demux_real.c
===================================================================
--- libmpdemux/demux_real.c (revision 27674)
+++ libmpdemux/demux_real.c (revision 27675)
@@ -947,6 +947,7 @@
// last fragment!
if(dp_hdr->len!=vpkg_length-vpkg_offset)
mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d frag.len=%d total.len=%d \n",dp->len,vpkg_offset,vpkg_length-vpkg_offset);
+ if (vpkg_offset > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) vpkg_offset = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
stream_read(demuxer->stream, dp_data+dp_hdr->len, vpkg_offset);
if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else
dp_hdr->len+=vpkg_offset;
@@ -970,6 +971,7 @@
// non-last fragment:
if(dp_hdr->len!=vpkg_offset)
mp_msg(MSGT_DEMUX,MSGL_V,"warning! assembled.len=%d offset=%d frag.len=%d total.len=%d \n",dp->len,vpkg_offset,len,vpkg_length);
+ if (len > dp->len - sizeof(dp_hdr_t) - dp_hdr->len) len = dp->len - sizeof(dp_hdr_t) - dp_hdr->len;
stream_read(demuxer->stream, dp_data+dp_hdr->len, len);
if((dp_data[dp_hdr->len]&0x20) && (sh_video->format==0x30335652)) --dp_hdr->chunks; else
dp_hdr->len+=len;
@@ -992,6 +994,7 @@
extra[0]=1; extra[1]=0; // offset of the first chunk
if(0x00==(vpkg_header&0xc0)){
// first fragment:
+ if (len > dp->len - sizeof(dp_hdr_t)) len = dp->len - sizeof(dp_hdr_t);
dp_hdr->len=len;
stream_read(demuxer->stream, dp_data, len);
ds->asf_packet=dp;

7
mplayer.spec
Unescape View File

@ -6,7 +6,7 @@
Name: mplayer
Version: 1.0
Release: 0.99.%{pre}%{?dist}
Release: 0.100.%{pre}%{?dist}
Summary: Movie player playing most video formats and DVDs
Group: Applications/Multimedia
@ -25,6 +25,7 @@ Patch5: %{name}-x86_32-compile.patch
Patch8: %{name}-manlinks.patch
Patch10: %{name}-qcelp.patch
Patch12: %{name}-man-zh_CN.patch
Patch13: %{name}-CVE-2008-3827.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: SDL-devel
@ -145,6 +146,7 @@ MPlayer documentation in various languages.
%patch8 -p1 -b .manlinks
%patch10 -p1 -b .qclp
%patch12 -p1 -b .man-zh_CN
%patch13 -p0 -b .cve
doconv() {
iconv -f $1 -t $2 -o DOCS/man/$3/mplayer.1.utf8 DOCS/man/$3/mplayer.1 && \
@ -386,6 +388,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Sun Oct 12 2008 Dominik Mierzejewski <rpm at greysector.net> - 1.0-0.100.20080903svn
- backport the fix for CVE-2008-3827
* Tue Sep 09 2008 Dominik Mierzejewski <rpm at greysector.net> - 1.0-0.99.20080903svn
- updated to 20080903 SVN snapshot
- added snapshot creation script

Write Preview
Loading…
Cancel
Save