diff options
Diffstat (limited to 'multimedia/mythtv/files/patch-CVE-2017-09608c')
| -rw-r--r-- | multimedia/mythtv/files/patch-CVE-2017-09608c | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/multimedia/mythtv/files/patch-CVE-2017-09608c b/multimedia/mythtv/files/patch-CVE-2017-09608c deleted file mode 100644 index a8fb3eb8897b..000000000000 --- a/multimedia/mythtv/files/patch-CVE-2017-09608c +++ /dev/null @@ -1,45 +0,0 @@ -From 0a709e2a10b8288a0cc383547924ecfe285cef89 Mon Sep 17 00:00:00 2001 -From: Michael Niedermayer <michael@niedermayer.cc> -Date: Wed, 14 Jun 2017 16:58:20 +0200 -Subject: [PATCH] avcodec/dnxhd_parser: Do not return invalid value from - dnxhd_find_frame_end() on error - -Fixes: Null pointer dereference - -Fixes: CVE-2017-9608 -Found-by: Yihan Lian -Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> -(cherry picked from commit 611b35627488a8d0763e75c25ee0875c5b7987dd) -Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> ---- - libavcodec/dnxhd_parser.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git a/libavcodec/dnxhd_parser.c b/libavcodec/dnxhd_parser.c -index a1f632a620e..f1166be1007 100644 ---- external/FFmpeg/libavcodec/dnxhd_parser.c -+++ external/FFmpeg/libavcodec/dnxhd_parser.c -@@ -81,16 +81,18 @@ static int dnxhd_find_frame_end(DNXHDParserContext *dctx, - dctx->w = (state >> 32) & 0xFFFF; - } else if (dctx->cur_byte == 42) { - int cid = (state >> 32) & 0xFFFFFFFF; -+ int remaining; - - if (cid <= 0) - continue; - -- dctx->remaining = avpriv_dnxhd_get_frame_size(cid); -- if (dctx->remaining <= 0) { -- dctx->remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); -- if (dctx->remaining <= 0) -- return dctx->remaining; -+ remaining = avpriv_dnxhd_get_frame_size(cid); -+ if (remaining <= 0) { -+ remaining = dnxhd_get_hr_frame_size(cid, dctx->w, dctx->h); -+ if (remaining <= 0) -+ continue; - } -+ dctx->remaining = remaining; - if (buf_size - i + 47 >= dctx->remaining) { - int remaining = dctx->remaining; - |