diff options
Diffstat (limited to 'multimedia/mythtv/files/patch-CVE-2017-09992')
| -rw-r--r-- | multimedia/mythtv/files/patch-CVE-2017-09992 | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/multimedia/mythtv/files/patch-CVE-2017-09992 b/multimedia/mythtv/files/patch-CVE-2017-09992 new file mode 100644 index 000000000000..fe00c512b13d --- /dev/null +++ b/multimedia/mythtv/files/patch-CVE-2017-09992 @@ -0,0 +1,29 @@ +From 536af4212100dee1577fe2d30814762c58038efc Mon Sep 17 00:00:00 2001 +From: Michael Niedermayer <michael@niedermayer.cc> +Date: Fri, 5 May 2017 20:42:11 +0200 +Subject: [PATCH] avcodec/dfa: Fix off by 1 error + +Fixes out of array access +Fixes: 1345/clusterfuzz-testcase-minimized-6062963045695488 + +Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +(cherry picked from commit f52fbf4f3ed02a7d872d8a102006f29b4421f360) +Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> +--- + libavcodec/dfa.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git libavcodec/dfa.c libavcodec/dfa.c +index f45d019a792..5ddb647c4cb 100644 +--- external/FFmpeg/libavcodec/dfa.c ++++ external/FFmpeg/libavcodec/dfa.c +@@ -175,7 +175,7 @@ static int decode_dds1(GetByteContext *gb, uint8_t *frame, int width, int height + return AVERROR_INVALIDDATA; + frame += v; + } else { +- if (frame_end - frame < width + 3) ++ if (frame_end - frame < width + 4) + return AVERROR_INVALIDDATA; + frame[0] = frame[1] = + frame[width] = frame[width + 1] = bytestream2_get_byte(gb); |