xine-lib/xine-lib-1.1.4-CVE-2007-1246.patch

---------------------
PatchSet 8656 
Date: 2007/03/10 02:41:34
Author: dgp85
Branch: HEAD
Tag: (none) 
Log:
  * Security fixes:
    - Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925]
      Thanks to Kees Cook for reporting.

Members: 
	ChangeLog:1.724->1.725 
	src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9->1.10 
	src/libw32dll/dmo/DMO_VideoDecoder.c:1.4->1.5 

Index: xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c
diff -u xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.10
--- xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9	Wed Dec 24 16:55:36 2003
+++ xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c	Sat Mar 10 00:41:34 2007
@@ -110,6 +110,7 @@
      
         this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
         memcpy(this->iv.m_bh, format, bihs);
+        this->iv.m_bh->biSize = bihs;
 
         this->iv.m_State = STOP;
         //this->iv.m_pFrame = 0;
Index: xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c
diff -u xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.5
--- xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4	Wed Dec 24 16:55:36 2003
+++ xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c	Sat Mar 10 00:41:34 2007
@@ -118,6 +118,7 @@
      
         this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
         memcpy(this->iv.m_bh, format, bihs);
+        this->iv.m_bh->biSize = bihs;
 
         this->iv.m_State = STOP;
         //this->iv.m_pFrame = 0;
* Sat Mar 10 2007 Ville Skyttä <ville.skytta at iki.fi> - 1.1.4-3 - Apply upstream fix for CVE-2007-1246. 2007-03-10 22:13:01 +00:00			`---------------------`
			`PatchSet 8656`
			`Date: 2007/03/10 02:41:34`
			`Author: dgp85`
			`Branch: HEAD`
			`Tag: (none)`
			`Log:`
			`* Security fixes:`
			`- Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925]`
			`Thanks to Kees Cook for reporting.`

			`Members:`
			`ChangeLog:1.724->1.725`
			`src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9->1.10`
			`src/libw32dll/dmo/DMO_VideoDecoder.c:1.4->1.5`

			`Index: xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c`
			`diff -u xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.10`
			`--- xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 Wed Dec 24 16:55:36 2003`
			`+++ xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c Sat Mar 10 00:41:34 2007`
			`@@ -110,6 +110,7 @@`

			`this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);`
			`memcpy(this->iv.m_bh, format, bihs);`
			`+ this->iv.m_bh->biSize = bihs;`

			`this->iv.m_State = STOP;`
			`//this->iv.m_pFrame = 0;`
			`Index: xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c`
			`diff -u xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.5`
			`--- xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 Wed Dec 24 16:55:36 2003`
			`+++ xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c Sat Mar 10 00:41:34 2007`
			`@@ -118,6 +118,7 @@`

			`this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);`
			`memcpy(this->iv.m_bh, format, bihs);`
			`+ this->iv.m_bh->biSize = bihs;`

			`this->iv.m_State = STOP;`
			`//this->iv.m_pFrame = 0;`