Gentoo's Bugzilla – Attachment 200419 Details for Bug 280590: <media-libs/libvorbis-1.2.3 vorbis_book_decodevv_add() arbitrary code execution (CVE-2009-2663)
[patch] 0002-Second-half-of-fix-to-Mozilla-BZ-5000254-sanity-chec.patch (text/plain), 1.83 KB, created by Robert Buchholz (RETIRED) on 2009-08-06 19:48:54 UTC
>From 69b8b42a0c14c8542f4ca1822bbf0f0d486dca85 Mon Sep 17 00:00:00 2001 >From: xiphmont <xiphmont@0101bb08-14d6-0310-b084-bc0e0c8e3800> >Date: Thu, 25 Jun 2009 03:53:49 +0000 >Subject: [PATCH 2/2] Second half of fix to Mozilla BZ # 5000254: sanity check the floor 1 > post list to reject files with repeated values that would result in > floor line segments with zero length. > >git-svn-id: http://svn.xiph.org/trunk/vorbis@16182 0101bb08-14d6-0310-b084-bc0e0c8e3800 >--- > lib/floor1.c | 18 ++++++++++++++---- > 1 files changed, 14 insertions(+), 4 deletions(-) > >diff --git a/lib/floor1.c b/lib/floor1.c >index 7052304..6d47459 100644 >--- a/lib/floor1.c >+++ b/lib/floor1.c >@@ -120,6 +120,9 @@ static void floor1_pack (vorbis_info_floor *i,oggpack_buffer *opb){ > } > } > >+static int icomp(const void *a,const void *b){ >+ return(**(int **)a-**(int **)b); >+} > > static vorbis_info_floor *floor1_unpack (vorbis_info *vi,oggpack_buffer *opb){ > codec_setup_info *ci=vi->codec_setup; >@@ -164,6 +167,17 @@ static vorbis_info_floor *floor1_unpack (vorbis_info *vi,oggpack_buffer *opb){ > info->postlist[0]=0; > info->postlist[1]=1<<rangebits; > >+ /* don't allow repeated values in post list as they'd result in >+ zero-length segments */ >+ { >+ int *sortpointer[VIF_POSIT+2]; >+ for(j=0;j<count+2;j++)sortpointer[j]=info->postlist+j; >+ qsort(sortpointer,count+2,sizeof(*sortpointer),icomp); >+ >+ for(j=1;j<count+2;j++) >+ if(*sortpointer[j-1]==*sortpointer[j])goto err_out; >+ } >+ > return(info); > > err_out: >@@ -171,10 +185,6 @@ static vorbis_info_floor *floor1_unpack (vorbis_info *vi,oggpack_buffer *opb){ > return(NULL); > } > >-static int icomp(const void *a,const void *b){ >- return(**(int **)a-**(int **)b); >-} >- > static vorbis_look_floor *floor1_look(vorbis_dsp_state *vd, > vorbis_info_floor *in){ > >-- >1.6.3.3 >
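Review bot: In the first hunk (@@ -120,6 +120,9), icomp() returns the difference `**(int **)a-**(int **)b`, which is a valid qsort ordering only while that subtraction cannot overflow int. With this patch the comparator also runs inside floor1_unpack on post values parsed from the file, so either add a comment stating the value range that makes the subtraction safe, or compare the two dereferenced values and return `(x>y)-(x<y)` instead.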
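Review bot: In the floor1_unpack hunk (@@ -164,6 +167,17), the stack array `int *sortpointer[VIF_POSIT+2]` is filled by a loop that runs to `count+2`, and nothing in the visible context shows count being limited to VIF_POSIT. Please confirm that an earlier check in floor1_unpack guarantees this bound, or add an explicit `if(count>VIF_POSIT)goto err_out;` ahead of the block, because the new sanity check itself would otherwise write past the end of sortpointer on a malformed header. It would also help to extend the comment to say that the two fixed posts, postlist[0] and postlist[1], take part in the sort, so a decoded post equal to 0 or to `1<<rangebits` is rejected as well.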
Attachments on bug 280590: 200418 | 200419