add a patch from upstream to fix a buffer overflow in vorbis coverart
code (CVE-2009-0586), bump PKGREVISION
This commit is contained in:
parent
002231483d
commit
789ba336e9
3 changed files with 91 additions and 2 deletions
|
@ -1,9 +1,11 @@
|
|||
# $NetBSD: Makefile,v 1.10 2009/01/26 10:39:01 drochner Exp $
|
||||
# $NetBSD: Makefile,v 1.11 2009/03/23 12:03:24 drochner Exp $
|
||||
#
|
||||
PKG_DESTDIR_SUPPORT= user-destdir
|
||||
|
||||
.include "Makefile.common"
|
||||
|
||||
PKGREVISION= 1
|
||||
|
||||
COMMENT+= base plugins
|
||||
|
||||
# some plugins were moved from bad to base
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
$NetBSD: distinfo,v 1.20 2009/01/26 10:39:01 drochner Exp $
|
||||
$NetBSD: distinfo,v 1.21 2009/03/23 12:03:24 drochner Exp $
|
||||
|
||||
SHA1 (gst-plugins-base-0.10.22.tar.bz2) = 8e6a894858f5412234ce1591bbb773102c150cb7
|
||||
RMD160 (gst-plugins-base-0.10.22.tar.bz2) = 013de77422d6e89b64cf55ff7299b0ff1e38ef8a
|
||||
|
@ -6,3 +6,4 @@ Size (gst-plugins-base-0.10.22.tar.bz2) = 2118085 bytes
|
|||
SHA1 (patch-aa) = be36e5a0f1de11900df7c510e7a9a03dd19d6e85
|
||||
SHA1 (patch-ab) = 0a739fbee2c49d75e9164c2b083820fd9d27c34a
|
||||
SHA1 (patch-ac) = 3a8a102f2c0740f481e115d68bc44d9e2bf66aae
|
||||
SHA1 (patch-ad) = f10ef3184acacf800ca50839e95fbd358f892cc9
|
||||
|
|
86
multimedia/gst-plugins0.10-base/patches/patch-ad
Normal file
86
multimedia/gst-plugins0.10-base/patches/patch-ad
Normal file
|
@ -0,0 +1,86 @@
|
|||
$NetBSD: patch-ad,v 1.1 2009/03/23 12:03:24 drochner Exp $
|
||||
|
||||
--- gst-libs/gst/tag/gstvorbistag.c.orig 2008-10-11 01:22:50.000000000 +0200
|
||||
+++ gst-libs/gst/tag/gstvorbistag.c
|
||||
@@ -305,30 +305,32 @@ gst_vorbis_tag_add (GstTagList * list, c
|
||||
}
|
||||
|
||||
static void
|
||||
-gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
|
||||
+gst_vorbis_tag_add_coverart (GstTagList * tags, gchar * img_data_base64,
|
||||
gint base64_len)
|
||||
{
|
||||
GstBuffer *img;
|
||||
- guchar *img_data;
|
||||
gsize img_len;
|
||||
+ guchar *out;
|
||||
guint save = 0;
|
||||
gint state = 0;
|
||||
|
||||
if (base64_len < 2)
|
||||
goto not_enough_data;
|
||||
|
||||
- img_data = g_try_malloc0 (base64_len * 3 / 4);
|
||||
-
|
||||
- if (img_data == NULL)
|
||||
- goto alloc_failed;
|
||||
-
|
||||
- img_len = g_base64_decode_step (img_data_base64, base64_len, img_data,
|
||||
- &state, &save);
|
||||
+ /* img_data_base64 points to a temporary copy of the base64 encoded data, so
|
||||
+ * it's safe to do inpace decoding here
|
||||
+ * TODO: glib 2.20 and later provides g_base64_decode_inplace, so change this
|
||||
+ * to use glib's API instead once it's in wider use:
|
||||
+ * http://bugzilla.gnome.org/show_bug.cgi?id=564728
|
||||
+ * http://svn.gnome.org/viewvc/glib?view=revision&revision=7807 */
|
||||
+ out = (guchar *) img_data_base64;
|
||||
+ img_len = g_base64_decode_step (img_data_base64, base64_len,
|
||||
+ out, &state, &save);
|
||||
|
||||
if (img_len == 0)
|
||||
goto decode_failed;
|
||||
|
||||
- img = gst_tag_image_data_to_image_buffer (img_data, img_len,
|
||||
+ img = gst_tag_image_data_to_image_buffer (out, img_len,
|
||||
GST_TAG_IMAGE_TYPE_NONE);
|
||||
|
||||
if (img == NULL)
|
||||
@@ -338,7 +340,6 @@ gst_vorbis_tag_add_coverart (GstTagList
|
||||
GST_TAG_PREVIEW_IMAGE, img, NULL);
|
||||
|
||||
gst_buffer_unref (img);
|
||||
- g_free (img_data);
|
||||
return;
|
||||
|
||||
/* ERRORS */
|
||||
@@ -347,21 +348,14 @@ not_enough_data:
|
||||
GST_WARNING ("COVERART tag with too little base64-encoded data");
|
||||
return;
|
||||
}
|
||||
-alloc_failed:
|
||||
- {
|
||||
- GST_WARNING ("Couldn't allocate enough memory to decode COVERART tag");
|
||||
- return;
|
||||
- }
|
||||
decode_failed:
|
||||
{
|
||||
- GST_WARNING ("Couldn't decode bas64 image data from COVERART tag");
|
||||
- g_free (img_data);
|
||||
+ GST_WARNING ("Couldn't decode base64 image data from COVERART tag");
|
||||
return;
|
||||
}
|
||||
convert_failed:
|
||||
{
|
||||
GST_WARNING ("Couldn't extract image or image type from COVERART tag");
|
||||
- g_free (img_data);
|
||||
return;
|
||||
}
|
||||
}
|
||||
@@ -457,6 +451,7 @@ error:
|
||||
return NULL;
|
||||
#undef ADVANCE
|
||||
}
|
||||
+
|
||||
typedef struct
|
||||
{
|
||||
guint count;
|
Loading…
Reference in a new issue