Accepting request 727247 from home:atopt:branches:multimedia:libs

- Backported commit 47e5890 and 64875fa to fix CVE-2019-15784 (boo#1148844)
  and avoid a potential array overflow.
  * Added CVE-2019-15784.patch

OBS-URL: https://build.opensuse.org/request/show/727247
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/srt?expand=0&rev=18

CVE-2019-15784.patch

@@ -0,0 +1,192 @@
+Index: srt-1.3.4/srtcore/queue.cpp
+===================================================================
+--- srt-1.3.4.orig/srtcore/queue.cpp
++++ srt-1.3.4/srtcore/queue.cpp
+@@ -256,7 +256,7 @@ void CUnitQueue::makeUnitGood(CUnit * un
+ 
+ CSndUList::CSndUList():
+     m_pHeap(NULL),
+-    m_iArrayLength(4096),
++    m_iArrayLength(512),
+     m_iLastEntry(-1),
+     m_ListLock(),
+     m_pWindowLock(NULL),
+@@ -273,32 +273,6 @@ CSndUList::~CSndUList()
+     pthread_mutex_destroy(&m_ListLock);
+ }
+ 
+-void CSndUList::insert(int64_t ts, const CUDT* u)
+-{
+-   CGuard listguard(m_ListLock);
+-
+-   // increase the heap array size if necessary
+-   if (m_iLastEntry == m_iArrayLength - 1)
+-   {
+-      CSNode** temp = NULL;
+-
+-      try
+-      {
+-         temp = new CSNode*[m_iArrayLength * 2];
+-      }
+-      catch(...)
+-      {
+-         return;
+-      }
+-
+-      memcpy(temp, m_pHeap, sizeof(CSNode*) * m_iArrayLength);
+-      m_iArrayLength *= 2;
+-      delete [] m_pHeap;
+-      m_pHeap = temp;
+-   }
+-
+-   insert_(ts, u);
+-}
+ 
+ void CSndUList::update(const CUDT* u, EReschedule reschedule)
+ {
+@@ -319,6 +293,8 @@ void CSndUList::update(const CUDT* u, ER
+       }
+ 
+       remove_(u);
++      insert_norealloc_(1, u);
++      return;
+    }
+ 
+    insert_(1, u);
+@@ -366,7 +342,7 @@ int CSndUList::pop(sockaddr*& addr, CPac
+ 
+    // insert a new entry, ts is the next processing time
+    if (ts > 0)
+-      insert_(ts, u);
++      insert_norealloc_(ts, u);
+ 
+    return 1;
+ }
+@@ -388,14 +364,47 @@ uint64_t CSndUList::getNextProcTime()
+    return m_pHeap[0]->m_llTimeStamp_tk;
+ }
+ 
++
++void CSndUList::realloc_()
++{
++   CSNode** temp = NULL;
++
++   try
++   {
++       temp = new CSNode *[2 * m_iArrayLength];
++   }
++   catch (...)
++   {
++       throw CUDTException(MJ_SYSTEMRES, MN_MEMORY, 0);
++   }
++
++   memcpy(temp, m_pHeap, sizeof(CSNode*) * m_iArrayLength);
++   m_iArrayLength *= 2;
++   delete[] m_pHeap;
++   m_pHeap = temp;
++}
++
++
+ void CSndUList::insert_(int64_t ts, const CUDT* u)
+ {
++    // increase the heap array size if necessary
++    if (m_iLastEntry == m_iArrayLength - 1)
++        realloc_();
++
++    insert_norealloc_(ts, u);
++}
++
++
++void CSndUList::insert_norealloc_(int64_t ts, const CUDT* u)
++{
+    CSNode* n = u->m_pSNode;
+ 
+    // do not insert repeated node
+    if (n->m_iHeapLoc >= 0)
+       return;
+ 
++   SRT_ASSERT(m_iLastEntry < m_iArrayLength);
++
+    m_iLastEntry ++;
+    m_pHeap[m_iLastEntry] = n;
+    n->m_llTimeStamp_tk = ts;
+@@ -405,16 +414,12 @@ void CSndUList::insert_(int64_t ts, cons
+    while (p != 0)
+    {
+       p = (q - 1) >> 1;
+-      if (m_pHeap[p]->m_llTimeStamp_tk > m_pHeap[q]->m_llTimeStamp_tk)
+-      {
+-         CSNode* t = m_pHeap[p];
+-         m_pHeap[p] = m_pHeap[q];
+-         m_pHeap[q] = t;
+-         t->m_iHeapLoc = q;
+-         q = p;
+-      }
+-      else
+-         break;
++      if (m_pHeap[p]->m_llTimeStamp_tk <= m_pHeap[q]->m_llTimeStamp_tk)
++          break;
++
++      swap(m_pHeap[p], m_pHeap[q]);
++      m_pHeap[q]->m_iHeapLoc = q;
++      q = p;
+    }
+ 
+    n->m_iHeapLoc = q;
+@@ -452,10 +457,8 @@ void CSndUList::remove_(const CUDT* u)
+ 
+          if (m_pHeap[q]->m_llTimeStamp_tk > m_pHeap[p]->m_llTimeStamp_tk)
+          {
+-            CSNode* t = m_pHeap[p];
+-            m_pHeap[p] = m_pHeap[q];
+-            m_pHeap[p]->m_iHeapLoc = p;
+-            m_pHeap[q] = t;
++            swap(m_pHeap[p], m_pHeap[q]);
++  	    m_pHeap[p]->m_iHeapLoc = p;
+             m_pHeap[q]->m_iHeapLoc = q;
+ 
+             q = p;
+Index: srt-1.3.4/srtcore/queue.h
+===================================================================
+--- srt-1.3.4.orig/srtcore/queue.h
++++ srt-1.3.4/srtcore/queue.h
+@@ -166,12 +166,6 @@ public:
+ 
+    static EReschedule rescheduleIf(bool cond) { return cond ? DO_RESCHEDULE : DONT_RESCHEDULE; }
+ 
+-      /// Insert a new UDT instance into the list.
+-      /// @param [in] ts time stamp: next processing time
+-      /// @param [in] u pointer to the UDT instance
+-
+-   void insert(int64_t ts, const CUDT* u);
+-
+       /// Update the timestamp of the UDT instance on the list.
+       /// @param [in] u pointer to the UDT instance
+       /// @param [in] resechedule if the timestampe shoudl be rescheduled
+@@ -196,7 +190,26 @@ public:
+    uint64_t getNextProcTime();
+ 
+ private:
++
++   /// Doubles the size of the list.
++   ///
++   void realloc_();
++
++   /// Insert a new UDT instance into the list with realloc if required.
++   ///
++   /// @param [in] ts time stamp: next processing time
++   /// @param [in] u pointer to the UDT instance
+    void insert_(int64_t ts, const CUDT* u);
++
++   /// Insert a new UDT instance into the list without realloc.
++   /// Should be called if there is a gauranteed space for the element.
++   ///
++   /// @param [in] ts time stamp: next processing time
++   /// @param [in] u pointer to the UDT instance
++
++   void insert_norealloc_(int64_t ts, const CUDT* u);
++
++
+    void remove_(const CUDT* u);
+ 
+ private:

srt.changes

@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Aug 30 12:47:57 UTC 2019 - Alexandros Toptsoglou <atoptsoglou@suse.com>
+
+- Backported commit 47e5890 and 64875fa to fix CVE-2019-15784 (boo#1148844)
+  and avoid a potential array overflow.
+  * Added CVE-2019-15784.patch 
+
 -------------------------------------------------------------------
 Thu Aug 29 16:02:56 UTC 2019 - Alexandros Toptsoglou <atoptsoglou@suse.com>
 

srt.spec

@@ -27,6 +27,7 @@ Group:          Development/Libraries/C and C++
 URL:            https://www.srtalliance.org
 Source0:        https://github.com/Haivision/%{name}/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source99:       baselibs.conf
+Patch0:         CVE-2019-15784.patch
 
 BuildRequires:  cmake
 BuildRequires:  fdupes
@@ -62,7 +63,6 @@ needed to develop applications with Secure Reliable Transport
 
 %prep
 %autosetup -p1
-
 %build
 %cmake \
 	-DCMAKE_INSTALL_PREFIX=%{_prefix} \