1 files changed, 31 insertions, 0 deletions

diff --git a/multimedia/mythtv/files/patch-CVE-2017-05024 b/multimedia/mythtv/files/patch-CVE-2017-05024
new file mode 100644
index 000000000000..8df4a058c343
--- /dev/null
+++ b/multimedia/mythtv/files/patch-CVE-2017-05024
@@ -0,0 +1,31 @@
+From ed2572b9c8f885e2a4764d2e34604442a71899a1 Mon Sep 17 00:00:00 2001
+From: Matt Wolenetz <wolenetz@google.com>
+Date: Wed, 14 Dec 2016 15:26:19 -0800
+Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_uuid
+
+Core of patch is from paul@paulmehta.com
+Reference https://crbug.com/643951
+
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+Check value reduced as the code does not support values beyond INT_MAX
+Also the check is moved to a more common place and before integer truncation
+
+(cherry picked from commit 2d453188c2303da641dafb048dc1806790526dfd)
+Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
+---
+ libavformat/mov.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git libavformat/mov.c libavformat/mov.c
+index 17d0475aae1..74b58255784 100644
+--- external/FFmpeg/libavformat/mov.c
++++ external/FFmpeg/libavformat/mov.c
+@@ -4436,7 +4436,7 @@ static int mov_read_uuid(MOVContext *c, AVIOContext *pb, MOVAtom atom)
+         0x9c, 0x71, 0x99, 0x94, 0x91, 0xe3, 0xaf, 0xac
+     };
+ 
+-    if (atom.size < sizeof(uuid) || atom.size == INT64_MAX)
++    if (atom.size < sizeof(uuid) || atom.size >= FFMIN(INT_MAX, SIZE_MAX))
+         return AVERROR_INVALIDDATA;
+ 
+     ret = avio_read(pb, uuid, sizeof(uuid));