rpm/libquicktime
SHA256
1
0
Fork 0
forked from pool/libquicktime
Code Pull Requests Activity
af2ea14bd7
libquicktime/libquicktime-1.2.4-multiple_vulnerabilities.patch
Tomáš Chvátal 63a6e62cac Accepting request 506564 from home:kstreitova:branches:multimedia:libs 
- add libquicktime-1.2.4-multiple_vulnerabilities.patch to fix the
  following security issues:
  * CVE-2017-9122 [bsc#1044077]
  * CVE-2017-9123 [bsc#1044009]
  * CVE-2017-9124 [bsc#1044008]
  * CVE-2017-9125 [bsc#1044122]
  * CVE-2017-9126 [bsc#1044006]
  * CVE-2017-9127 [bsc#1044002]
  * CVE-2017-9128 [bsc#1044000]

OBS-URL: https://build.opensuse.org/request/show/506564
OBS-URL: https://build.opensuse.org/package/show/multimedia:libs/libquicktime?expand=0&rev=70
2017-06-28 07:16:27 +00:00

63 lines
2.2 KiB
Diff
Raw Blame History

Index: libquicktime/src/atom.c
===================================================================
--- libquicktime.orig/src/atom.c
+++ libquicktime/src/atom.c
@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime
atom->size = read_size64(header);
atom->end = atom->start + atom->size;
}
+/* Avoid broken files */
+ if(atom->end > file->total_length)
+ result = 1;
}
Index: libquicktime/src/lqt_quicktime.c
===================================================================
--- libquicktime.orig/src/lqt_quicktime.c
+++ libquicktime/src/lqt_quicktime.c
@@ -993,8 +993,8 @@ int quicktime_read_info(quicktime_t *fil
quicktime_set_position(file, start_position);
free(temp);
- quicktime_read_moov(file, &file->moov, &leaf_atom);
- got_header = 1;
+ if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
+ got_header = 1;
}
else
if(((leaf_atom.type[0] | leaf_atom.type[1] | leaf_atom.type[2] | leaf_atom.type[3]) == 0) &&
Index: libquicktime/src/moov.c
===================================================================
--- libquicktime.orig/src/moov.c
+++ libquicktime/src/moov.c
@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil
if(quicktime_atom_is(&leaf_atom, "trak"))
{
quicktime_trak_t *trak = quicktime_add_trak(file);
- quicktime_read_trak(file, trak, &leaf_atom);
+ if(quicktime_read_trak(file, trak, &leaf_atom))
+ return 1;
}
else
if(quicktime_atom_is(&leaf_atom, "udta"))
Index: libquicktime/src/trak.c
===================================================================
--- libquicktime.orig/src/trak.c
+++ libquicktime/src/trak.c
@@ -272,6 +272,14 @@ int quicktime_read_trak(quicktime_t *fil
else quicktime_atom_skip(file, &leaf_atom);
} while(quicktime_position(file) < trak_atom->end);
+ /* Do some sanity checks to prevent later crashes */
+ if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
+ {
+ if(!trak->mdia.minf.stbl.stsc.table ||
+ !trak->mdia.minf.stbl.stco.table)
+ return 1;
+ }
+
#if 1
if(trak->mdia.minf.is_video &&
quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
View Git Blame Copy Permalink