074bb17cdc
- Apply upstream fix for CVE-2007-1246.
41 lines
1.5 KiB
Diff
41 lines
1.5 KiB
Diff
---------------------
|
|
PatchSet 8656
|
|
Date: 2007/03/10 02:41:34
|
|
Author: dgp85
|
|
Branch: HEAD
|
|
Tag: (none)
|
|
Log:
|
|
* Security fixes:
|
|
- Fix heap overflow in DMO loader. (CVE-2007-1246) [bug #1676925]
|
|
Thanks to Kees Cook for reporting.
|
|
|
|
Members:
|
|
ChangeLog:1.724->1.725
|
|
src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9->1.10
|
|
src/libw32dll/dmo/DMO_VideoDecoder.c:1.4->1.5
|
|
|
|
Index: xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c
|
|
diff -u xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.10
|
|
--- xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c:1.9 Wed Dec 24 16:55:36 2003
|
|
+++ xine-lib/src/libw32dll/DirectShow/DS_VideoDecoder.c Sat Mar 10 00:41:34 2007
|
|
@@ -110,6 +110,7 @@
|
|
|
|
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
|
|
memcpy(this->iv.m_bh, format, bihs);
|
|
+ this->iv.m_bh->biSize = bihs;
|
|
|
|
this->iv.m_State = STOP;
|
|
//this->iv.m_pFrame = 0;
|
|
Index: xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c
|
|
diff -u xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.5
|
|
--- xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c:1.4 Wed Dec 24 16:55:36 2003
|
|
+++ xine-lib/src/libw32dll/dmo/DMO_VideoDecoder.c Sat Mar 10 00:41:34 2007
|
|
@@ -118,6 +118,7 @@
|
|
|
|
this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
|
|
memcpy(this->iv.m_bh, format, bihs);
|
|
+ this->iv.m_bh->biSize = bihs;
|
|
|
|
this->iv.m_State = STOP;
|
|
//this->iv.m_pFrame = 0;
|