diff options
Diffstat (limited to 'multimedia')
-rw-r--r-- | multimedia/mplayer/Makefile | 3 | ||||
-rw-r--r-- | multimedia/mplayer/files/patch-CVE-2006-1502 | 69 |
2 files changed, 70 insertions, 2 deletions
diff --git a/multimedia/mplayer/Makefile b/multimedia/mplayer/Makefile index b0ac88fec333..d71e09a3259f 100644 --- a/multimedia/mplayer/Makefile +++ b/multimedia/mplayer/Makefile @@ -270,7 +270,7 @@ PORTNAME= mplayer PORTVERSION= 0.99.7 -PORTREVISION= 11 +PORTREVISION= 12 CATEGORIES= multimedia audio ipv6 MASTER_SITES= http://www1.mplayerhq.hu/MPlayer/releases/ \ http://www2.mplayerhq.hu/MPlayer/releases/ \ @@ -332,7 +332,6 @@ CONFIGURE_ARGS+=--with-x11libdir=${X11BASE}/lib \ WANT_GNOME= yes WANT_SDL= yes -USE_REINPLACE= yes MAN1= mplayer.1 MANCOMPRESSED= no diff --git a/multimedia/mplayer/files/patch-CVE-2006-1502 b/multimedia/mplayer/files/patch-CVE-2006-1502 new file mode 100644 index 000000000000..4e9fe7e3cf32 --- /dev/null +++ b/multimedia/mplayer/files/patch-CVE-2006-1502 @@ -0,0 +1,69 @@ +--- libmpdemux/aviheader.c.orig Tue Feb 22 17:24:18 2005 ++++ libmpdemux/aviheader.c Fri Apr 7 11:56:53 2006 +@@ -205,8 +205,10 @@ + break; } + case mmioFOURCC('i', 'n', 'd', 'x'): { + uint32_t i; +- unsigned msize = 0; + avisuperindex_chunk *s; ++ if(chunksize<=24){ ++ break; ++ } + priv->suidx_size++; + priv->suidx = realloc(priv->suidx, priv->suidx_size * sizeof (avisuperindex_chunk)); + s = &priv->suidx[priv->suidx_size-1]; +@@ -224,11 +226,18 @@ + + print_avisuperindex_chunk(s); + +- msize = sizeof (uint32_t) * s->wLongsPerEntry * s->nEntriesInUse; +- s->aIndex = malloc(msize); +- memset (s->aIndex, 0, msize); +- s->stdidx = malloc (s->nEntriesInUse * sizeof (avistdindex_chunk)); +- memset (s->stdidx, 0, s->nEntriesInUse * sizeof (avistdindex_chunk)); ++ if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){ ++ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n"); ++ s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry; ++ } ++ ++ // Check and fix this useless crap ++ if(s->wLongsPerEntry != sizeof (avisuperindex_entry)/4) { ++ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk size: %u\n",s->wLongsPerEntry); ++ s->wLongsPerEntry = sizeof(avisuperindex_entry)/4; ++ } ++ s->aIndex = calloc(s->nEntriesInUse, sizeof (avisuperindex_entry)); ++ s->stdidx = calloc(s->nEntriesInUse, sizeof (avistdindex_chunk)); + + // now the real index of indices + for (i=0; i<s->nEntriesInUse; i++) { +@@ -636,6 +645,8 @@ + idx->dwChunkLength=len; + + c=stream_read_dword(demuxer->stream); ++ ++ if(!len) idx->dwFlags&=~AVIIF_KEYFRAME; + + // Fix keyframes for DivX files: + if(idxfix_divx) +--- libmpdemux/asfheader.c.orig Sat Dec 25 09:31:32 2004 ++++ libmpdemux/asfheader.c Fri Apr 7 11:55:29 2006 +@@ -189,7 +189,7 @@ + while ((pos = find_asf_guid(hdr, asf_stream_header_guid, pos, hdr_len)) >= 0) + { + ASF_stream_header_t *streamh = (ASF_stream_header_t *)&hdr[pos]; +- char *buffer; ++ uint8_t *buffer; + pos += sizeof(ASF_stream_header_t); + if (pos > hdr_len) goto len_err_out; + le2me_ASF_stream_header_t(streamh); +@@ -222,7 +222,9 @@ + asf_scrambling_h=buffer[0]; + asf_scrambling_w=(buffer[2]<<8)|buffer[1]; + asf_scrambling_b=(buffer[4]<<8)|buffer[3]; +- asf_scrambling_w/=asf_scrambling_b; ++ if(asf_scrambling_b>0){ ++ asf_scrambling_w/=asf_scrambling_b; ++ } + } else { + asf_scrambling_b=asf_scrambling_h=asf_scrambling_w=1; + } |