[vlc-commits] Contribs: fix libavcodec xwd crash

Jean-Baptiste Kempf git at videolan.org
Tue Dec 6 16:30:58 CET 2016 

vlc/vlc-2.2 | branch: master | Jean-Baptiste Kempf <jb at videolan.org> | Tue Dec  6 16:30:36 2016 +0100| [fd409b86d82f27cd6626bc22730b87f9d57407bb] | committer: Jean-Baptiste Kempf

Contribs: fix libavcodec xwd crash

Close #17418

> http://git.videolan.org/gitweb.cgi/vlc/vlc-2.2.git/?a=commit;h=fd409b86d82f27cd6626bc22730b87f9d57407bb
---

 contrib/src/ffmpeg/rules.mak                       |  1 +
 ...-8431629dd112874293380a6d8a852459fc1a76b6.patch | 31 ++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/contrib/src/ffmpeg/rules.mak b/contrib/src/ffmpeg/rules.mak
index 80fdc29..e84c39a 100644
--- a/contrib/src/ffmpeg/rules.mak
+++ b/contrib/src/ffmpeg/rules.mak
@@ -165,6 +165,7 @@ ffmpeg: ffmpeg-$(HASH).tar.xz .sum-ffmpeg
 	rm -Rf $@ $@-$(HASH)
 	mkdir -p $@-$(HASH)
 	$(XZCAT) "$<" | (cd $@-$(HASH) && tar xv --strip-components=1)
+	$(APPLY) $(SRC)/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch
 	$(MOVE)
 
 .ffmpeg: ffmpeg
diff --git a/contrib/src/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch b/contrib/src/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch
new file mode 100644
index 0000000..b53b1a1
--- /dev/null
+++ b/contrib/src/ffmpeg/xwd-8431629dd112874293380a6d8a852459fc1a76b6.patch
@@ -0,0 +1,31 @@
+From 8431629dd112874293380a6d8a852459fc1a76b6 Mon Sep 17 00:00:00 2001
+From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
+Date: Fri, 18 Dec 2015 19:28:51 +0100
+Subject: [PATCH 1/1] xwddec: prevent overflow of lsize * avctx->height
+
+This is used to check if the input buffer is larger enough, so if this
+overflows it can cause a false negative leading to a segmentation fault
+in bytestream2_get_bufferu.
+
+Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
+Signed-off-by: Anton Khirnov <anton at khirnov.net>
+---
+ libavcodec/xwddec.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libavcodec/xwddec.c b/libavcodec/xwddec.c
+index f6d3d97..1c9874a 100644
+--- a/libavcodec/xwddec.c
++++ b/libavcodec/xwddec.c
+@@ -141,7 +141,7 @@ static int xwd_decode_frame(AVCodecContext *avctx, void *data,
+         return AVERROR_INVALIDDATA;
+     }
+ 
+-    if (bytestream2_get_bytes_left(&gb) < ncolors * XWD_CMAP_SIZE + avctx->height * lsize) {
++    if (bytestream2_get_bytes_left(&gb) < ncolors * XWD_CMAP_SIZE + (uint64_t)avctx->height * lsize) {
+         av_log(avctx, AV_LOG_ERROR, "input buffer too small\n");
+         return AVERROR_INVALIDDATA;
+     }
+-- 
+1.7.10.4
+

More information about the vlc-commits mailing list