Date:      Thu, 16 Jul 2015 20:31:45 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r392320 - in branches/2015Q3/multimedia/libav: . files
Message-ID:  <201507162031.t6GKVjYb071920@repo.freebsd.org>

Author: feld
Date: Thu Jul 16 20:31:44 2015
New Revision: 392320
URL: https://svnweb.freebsd.org/changeset/ports/392320

Log:
  MFH: r392316
  
  Add patch to resolve divide-by-zero CVE
  
  Security:	CVE-2015-5479
  Security:	a928960a-2bdc-11e5-86ff-14dae9d210b8
  Approved by:	ports-secteam (with hat)

Added:
  branches/2015Q3/multimedia/libav/files/patch-CVE-2015-5479
     - copied unchanged from r392316, head/multimedia/libav/files/patch-CVE-2015-5479
Modified:
  branches/2015Q3/multimedia/libav/Makefile
Directory Properties:
  branches/2015Q3/   (props changed)

Modified: branches/2015Q3/multimedia/libav/Makefile
==============================================================================
--- branches/2015Q3/multimedia/libav/Makefile	Thu Jul 16 20:30:21 2015	(r392319)
+++ branches/2015Q3/multimedia/libav/Makefile	Thu Jul 16 20:31:44 2015	(r392320)
@@ -2,7 +2,7 @@
 
 PORTNAME=	libav
 PORTVERSION=	11.3
-PORTREVISION=	1
+PORTREVISION=	3
 CATEGORIES=	multimedia audio ipv6 net
 MASTER_SITES=	http://libav.org/releases/
 

Copied: branches/2015Q3/multimedia/libav/files/patch-CVE-2015-5479 (from r392316, head/multimedia/libav/files/patch-CVE-2015-5479)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2015Q3/multimedia/libav/files/patch-CVE-2015-5479	Thu Jul 16 20:31:44 2015	(r392320, copy of r392316, head/multimedia/libav/files/patch-CVE-2015-5479)
@@ -0,0 +1,51 @@
+From: Luca Barbato <lu_zero@gentoo.org>
+Date: Fri, 26 Jun 2015 13:57:16 +0000 (+0200)
+Subject: h263: Always check both dimensions
+X-Git-Url: https://git.libav.org/?p=libav.git;a=commitdiff_plain;h=0a49a62f998747cfa564d98d36a459fe70d3299b;hp=6f4cd33efb5a9ec75db1677d5f7846c60337129f
+
+h263: Always check both dimensions
+
+CC: libav-stable@libav.org
+Found-By: ago@gentoo.org
+---
+
+diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
+index b1da22f..b9189b2 100644
+--- libavcodec/ituh263dec.c.orig
++++ libavcodec/ituh263dec.c
+@@ -30,6 +30,7 @@
+ #include <limits.h>
+ 
+ #include "libavutil/attributes.h"
++#include "libavutil/imgutils.h"
+ #include "libavutil/internal.h"
+ #include "libavutil/mathematics.h"
+ #include "avcodec.h"
+@@ -868,7 +869,7 @@ end:
+ /* most is hardcoded. should extend to handle all h263 streams */
+ int ff_h263_decode_picture_header(MpegEncContext *s)
+ {
+-    int format, width, height, i;
++    int format, width, height, i, ret;
+     uint32_t startcode;
+ 
+     align_get_bits(&s->gb);
+@@ -919,8 +920,6 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
+         /* H.263v1 */
+         width = ff_h263_format[format][0];
+         height = ff_h263_format[format][1];
+-        if (!width)
+-            return -1;
+ 
+         s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb);
+ 
+@@ -1073,6 +1072,9 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
+         s->qscale = get_bits(&s->gb, 5);
+     }
+ 
++    if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0)
++        return ret;
++
+     s->mb_width = (s->width  + 15) / 16;
+     s->mb_height = (s->height  + 15) / 16;
+     s->mb_num = s->mb_width * s->mb_height;
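Review bot: The added `av_image_check_size(s->width, s->height, 0, s)` call validates the context fields, whereas the removed `if (!width) return -1;` guarded the local `width` in the H.263v1 branch, so the fix only holds if that branch copies `width`/`height` into `s->width`/`s->height` before the new check is reached; that assignment is not in the lines shown and should be confirmed against the full file. With the early return gone, a zero-size format is rejected only after the rest of the header has been parsed, and the function now returns the helper's error code instead of -1, so callers presumably need to treat any negative value as failure. A short why-comment above the check would help the next reader, e.g. `/* reject zero or oversized dimensions before mb_width/mb_height are derived from them (CVE-2015-5479) */`. The body of ff_h263_decode_picture_header starts and ends outside the inner hunks.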


