OBS User unknown 2009-03-20 18:40:46 +00:00 committed by Git OBS Bridge
parent ccb9014128
commit f0ef4c8124
3 changed files with 17 additions and 3 deletions


@ -2,14 +2,21 @@ Index: xine-lib-1.1.16.1/src/demuxers/demux_4xm.c
===================================================================
--- xine-lib-1.1.16.1.orig/src/demuxers/demux_4xm.c
+++ xine-lib-1.1.16.1/src/demuxers/demux_4xm.c
@@ -190,6 +190,10 @@ static int open_fourxm_file(demux_fourxm
@@ -190,8 +190,16 @@ static int open_fourxm_file(demux_fourxm
return 0;
}
const uint32_t current_track = _X_LE_32(&header[i + 8]);
- if (current_track + 1 > fourxm->track_count) {
+ if(current_track >= UINT_MAX / sizeof(audio_track_t) - 1){
+ free(header);
+ return 0;
+ }
if (current_track + 1 > fourxm->track_count) {
+ if (current_track >= fourxm->track_count) {
fourxm->track_count = current_track + 1;
+ if (!fourxm->track_count || fourxm->track_count >= UINT_MAX / sizeof(audio_track_t)) {
+ free(header);
+ return 0;
+ }
fourxm->tracks = realloc(fourxm->tracks,
fourxm->track_count * sizeof(audio_track_t));
if (!fourxm->tracks) {
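Review bot: In the `if (current_track >= fourxm->track_count)` branch, `fourxm->track_count` is raised before the allocation is known to have succeeded, and `realloc` writes straight into `fourxm->tracks`, so a failed allocation loses the old array and leaves the count larger than the storage behind it. Growing through a temporary, `audio_track_t *t = realloc(fourxm->tracks, (current_track + 1) * sizeof(audio_track_t));`, and assigning `fourxm->tracks = t; fourxm->track_count = current_track + 1;` only after the null check keeps the two consistent on every exit. The inner `!fourxm->track_count || fourxm->track_count >= UINT_MAX / sizeof(audio_track_t)` test looks unreachable, because the guard added above it already rejects those values, so one of the two can go. The track number comes from the file header, so the guard still lets a file request an allocation close to `UINT_MAX` bytes, and realloc does not zero the entries between the old count and `current_track`; whether those are read later is not visible here, since `open_fourxm_file` starts and ends outside the hunk.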


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Mar 6 19:25:25 CET 2009 - mhopf@suse.de
- Updated security fix for 4xm demuxer (TKADV2009-004, bnc#473825)
-------------------------------------------------------------------
Tue Feb 17 11:50:57 CET 2009 - lnussel@suse.de


@ -94,7 +94,7 @@ BuildRequires: DirectFB
BuildRequires: libmodplug
%endif
Version: 1.1.16.1
Release: 3
Release: 4
# XINE_MAJOR.XINE_LT_CURRENT in configure.ac
%define abiversion 1.25
# bug437293
@ -814,6 +814,8 @@ rm -rf %{buildroot}
%endif
%changelog
* Fri Mar 06 2009 mhopf@suse.de
- Updated security fix for 4xm demuxer (TKADV2009-004, bnc#473825)
* Tue Feb 17 2009 lnussel@suse.de
- fix libtool breakage on older distributions with hack
* Tue Feb 10 2009 mhopf@suse.de