head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.16 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.14 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.12 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.10 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.8 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.6 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.4 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.2 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.1.0.2; locks; strict; comment @# @; 1.2 date 2008.09.07.23.39.38; author ahoka; state dead; branches; next 1.1; 1.1 date 2008.09.01.00.00.10; author tonnerre; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2008.09.01.00.00.10; author tron; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2008.09.04.21.01.44; author tron; state Exp; branches; next ; desc @@ 1.2 log @Track FreeBSD's SVN snapshots of ffmpeg as there are no more stable releases produced by the ffmpeg team. Add v4l2 support for NetBSD. @ text @$NetBSD: patch-al,v 1.1 2008/09/01 00:00:10 tonnerre Exp $ --- libavformat/psxstr.c.orig 2004-06-19 05:59:34.000000000 +0200 +++ libavformat/psxstr.c @@@@ -273,12 +273,21 @@@@ static int str_read_packet(AVFormatConte int current_sector = LE_16(§or[0x1C]); int sector_count = LE_16(§or[0x1E]); int frame_size = LE_32(§or[0x24]); - int bytes_to_copy; + + if(!( frame_size>=0 + && current_sector < sector_count + && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){ + av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size); + return AVERROR_INVALIDDATA; + } // printf("%d %d %d\n",current_sector,sector_count,frame_size); /* if this is the first sector of the frame, allocate a pkt */ pkt = &str->tmp_pkt; - if (current_sector == 0) { - if (av_new_packet(pkt, frame_size)) + if (pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){ + if(pkt->data) + av_log(s, AV_LOG_ERROR, "missmatching sector_count\n"); + av_free_packet(pkt); + if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE)) return AVERROR_IO; pkt->stream_index = @@@@ -291,15 +300,15 @@@@ static int str_read_packet(AVFormatConte str->pts += (90000 / 15); } - /* load all the constituent chunks in the video packet */ - bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE; - if (bytes_to_copy>0) { - if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE; - memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE, - sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy); - } + memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE, + sector + VIDEO_DATA_HEADER_SIZE, + VIDEO_DATA_CHUNK_SIZE); + if (current_sector == sector_count-1) { + pkt->size= frame_size; *ret_pkt = *pkt; + pkt->data= NULL; + pkt->size= -1; return 0; } @ 1.1 log @Add patch to fix ffmpeg remote system access vulnerability (CVE-2008-3162). @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-al was added on branch pkgsrc-2008Q2 on 2008-09-04 21:01:44 +0000 @ text @d1 52 @ 1.1.2.2 log @Pullup ticket #2515 - requested by tonnerre ffmpeg: security patch Revisions pulled up: - multimedia/ffmpeg/Makefile 1.36 - multimedia/ffmpeg/distinfo 1.15 - multimedia/ffmpeg/patches/patch-al 1.1 --- Module Name: pkgsrc Committed By: tonnerre Date: Mon Sep 1 00:00:10 UTC 2008 Modified Files: pkgsrc/multimedia/ffmpeg: Makefile distinfo Added Files: pkgsrc/multimedia/ffmpeg/patches: patch-al Log Message: Add patch to fix ffmpeg remote system access vulnerability (CVE-2008-3162). @ text @a0 52 $NetBSD: patch-al,v 1.1 2008/09/01 00:00:10 tonnerre Exp $ --- libavformat/psxstr.c.orig 2004-06-19 05:59:34.000000000 +0200 +++ libavformat/psxstr.c @@@@ -273,12 +273,21 @@@@ static int str_read_packet(AVFormatConte int current_sector = LE_16(§or[0x1C]); int sector_count = LE_16(§or[0x1E]); int frame_size = LE_32(§or[0x24]); - int bytes_to_copy; + + if(!( frame_size>=0 + && current_sector < sector_count + && sector_count*VIDEO_DATA_CHUNK_SIZE >=frame_size)){ + av_log(s, AV_LOG_ERROR, "Invalid parameters %d %d %d\n", current_sector, sector_count, frame_size); + return AVERROR_INVALIDDATA; + } // printf("%d %d %d\n",current_sector,sector_count,frame_size); /* if this is the first sector of the frame, allocate a pkt */ pkt = &str->tmp_pkt; - if (current_sector == 0) { - if (av_new_packet(pkt, frame_size)) + if (pkt->size != sector_count*VIDEO_DATA_CHUNK_SIZE){ + if(pkt->data) + av_log(s, AV_LOG_ERROR, "missmatching sector_count\n"); + av_free_packet(pkt); + if (av_new_packet(pkt, sector_count*VIDEO_DATA_CHUNK_SIZE)) return AVERROR_IO; pkt->stream_index = @@@@ -291,15 +300,15 @@@@ static int str_read_packet(AVFormatConte str->pts += (90000 / 15); } - /* load all the constituent chunks in the video packet */ - bytes_to_copy = frame_size - current_sector*VIDEO_DATA_CHUNK_SIZE; - if (bytes_to_copy>0) { - if (bytes_to_copy>VIDEO_DATA_CHUNK_SIZE) bytes_to_copy=VIDEO_DATA_CHUNK_SIZE; - memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE, - sector + VIDEO_DATA_HEADER_SIZE, bytes_to_copy); - } + memcpy(pkt->data + current_sector*VIDEO_DATA_CHUNK_SIZE, + sector + VIDEO_DATA_HEADER_SIZE, + VIDEO_DATA_CHUNK_SIZE); + if (current_sector == sector_count-1) { + pkt->size= frame_size; *ret_pkt = *pkt; + pkt->data= NULL; + pkt->size= -1; return 0; } @