aboutsummaryrefslogtreecommitdiffstats
path: root/multimedia
diff options
context:
space:
mode:
Diffstat (limited to 'multimedia')
-rw-r--r--multimedia/mplayer/Makefile3
-rw-r--r--multimedia/mplayer/files/patch-CVE-2006-150269
2 files changed, 70 insertions, 2 deletions
diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile
index b0ac88fec333..d71e09a3259f 100644
--- a/multimedia/mplayer/Makefile
+++ b/multimedia/mplayer/Makefile
@@ -270,7 +270,7 @@
PORTNAME= mplayer
PORTVERSION= 0.99.7
-PORTREVISION= 11
+PORTREVISION= 12
CATEGORIES= multimedia audio ipv6
MASTER_SITES= http://www1.mplayerhq.hu/MPlayer/releases/ \
http://www2.mplayerhq.hu/MPlayer/releases/ \
@@ -332,7 +332,6 @@ CONFIGURE_ARGS+=--with-x11libdir=${X11BASE}/lib \
WANT_GNOME= yes
WANT_SDL= yes
-USE_REINPLACE= yes
MAN1= mplayer.1
MANCOMPRESSED= no
diff --git a/multimedia/mplayer/files/patch-CVE-2006-1502 b/multimedia/mplayer/files/patch-CVE-2006-1502
new file mode 100644
index 000000000000..4e9fe7e3cf32
--- /dev/null
+++ b/multimedia/mplayer/files/patch-CVE-2006-1502
@@ -0,0 +1,69 @@
+--- libmpdemux/aviheader.c.orig Tue Feb 22 17:24:18 2005
++++ libmpdemux/aviheader.c Fri Apr 7 11:56:53 2006
+@@ -205,8 +205,10 @@
+ break; }
+ case mmioFOURCC('i', 'n', 'd', 'x'): {
+ uint32_t i;
+- unsigned msize = 0;
+ avisuperindex_chunk *s;
++ if(chunksize<=24){
++ break;
++ }
+ priv->suidx_size++;
+ priv->suidx = realloc(priv->suidx, priv->suidx_size * sizeof (avisuperindex_chunk));
+ s = &priv->suidx[priv->suidx_size-1];
+@@ -224,11 +226,18 @@
+
+ print_avisuperindex_chunk(s);
+
+- msize = sizeof (uint32_t) * s->wLongsPerEntry * s->nEntriesInUse;
+- s->aIndex = malloc(msize);
+- memset (s->aIndex, 0, msize);
+- s->stdidx = malloc (s->nEntriesInUse * sizeof (avistdindex_chunk));
+- memset (s->stdidx, 0, s->nEntriesInUse * sizeof (avistdindex_chunk));
++ if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
++ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
++ s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
++ }
++
++ // Check and fix this useless crap
++ if(s->wLongsPerEntry != sizeof (avisuperindex_entry)/4) {
++ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk size: %u\n",s->wLongsPerEntry);
++ s->wLongsPerEntry = sizeof(avisuperindex_entry)/4;
++ }
++ s->aIndex = calloc(s->nEntriesInUse, sizeof (avisuperindex_entry));
++ s->stdidx = calloc(s->nEntriesInUse, sizeof (avistdindex_chunk));
+
+ // now the real index of indices
+ for (i=0; i<s->nEntriesInUse; i++) {
+@@ -636,6 +645,8 @@
+ idx->dwChunkLength=len;
+
+ c=stream_read_dword(demuxer->stream);
++
++ if(!len) idx->dwFlags&=~AVIIF_KEYFRAME;
+
+ // Fix keyframes for DivX files:
+ if(idxfix_divx)
+--- libmpdemux/asfheader.c.orig Sat Dec 25 09:31:32 2004
++++ libmpdemux/asfheader.c Fri Apr 7 11:55:29 2006
+@@ -189,7 +189,7 @@
+ while ((pos = find_asf_guid(hdr, asf_stream_header_guid, pos, hdr_len)) >= 0)
+ {
+ ASF_stream_header_t *streamh = (ASF_stream_header_t *)&hdr[pos];
+- char *buffer;
++ uint8_t *buffer;
+ pos += sizeof(ASF_stream_header_t);
+ if (pos > hdr_len) goto len_err_out;
+ le2me_ASF_stream_header_t(streamh);
+@@ -222,7 +222,9 @@
+ asf_scrambling_h=buffer[0];
+ asf_scrambling_w=(buffer[2]<<8)|buffer[1];
+ asf_scrambling_b=(buffer[4]<<8)|buffer[3];
+- asf_scrambling_w/=asf_scrambling_b;
++ if(asf_scrambling_b>0){
++ asf_scrambling_w/=asf_scrambling_b;
++ }
+ } else {
+ asf_scrambling_b=asf_scrambling_h=asf_scrambling_w=1;
+ }