diff options
Diffstat (limited to 'multimedia/mythtv/files/patch-CVE-2017-05025')
| -rw-r--r-- | multimedia/mythtv/files/patch-CVE-2017-05025 | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/multimedia/mythtv/files/patch-CVE-2017-05025 b/multimedia/mythtv/files/patch-CVE-2017-05025 new file mode 100644 index 000000000000..8d790d11542c --- /dev/null +++ b/multimedia/mythtv/files/patch-CVE-2017-05025 @@ -0,0 +1,30 @@ +From cf8e004a51b08c6e8ceaeebca85ab84c7ed0b4cf Mon Sep 17 00:00:00 2001 +From: Matt Wolenetz <wolenetz@google.com> +Date: Wed, 14 Dec 2016 15:24:42 -0800 +Subject: [PATCH] lavf/mov.c: Avoid heap allocation wrap in mov_read_hdlr + +Core of patch is from paul@paulmehta.com +Reference https://crbug.com/643950 + +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +Check value reduced as the code does not support larger lengths + +(cherry picked from commit fd30e4d57fe5841385f845440688505b88c0f4a9) +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavformat/mov.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git libavformat/mov.c libavformat/mov.c +index 1e2141808da..17d0475aae1 100644 +--- external/FFmpeg/libavformat/mov.c ++++ external/FFmpeg/libavformat/mov.c +@@ -739,6 +739,8 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom) + + title_size = atom.size - 24; + if (title_size > 0) { ++ if (title_size > FFMIN(INT_MAX, SIZE_MAX-1)) ++ return AVERROR_INVALIDDATA; + title_str = av_malloc(title_size + 1); /* Add null terminator */ + if (!title_str) + return AVERROR(ENOMEM); |