[vlc-devel] commit: Contrib: fix libvorbis CVEs: 2008-1419, 2008-1420, 2008-1423. ( Pavlov Konstantin )
git version control
git at videolan.org
Sat May 17 01:12:02 CEST 2008
vlc | branch: master | Pavlov Konstantin <thresh at videolan.org> | Sat May 17 02:56:00 2008 +0400| [a6c8ae352629fb178d6af03c67f64501d7027df2]
Contrib: fix libvorbis CVEs: 2008-1419, 2008-1420, 2008-1423.
> http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=a6c8ae352629fb178d6af03c67f64501d7027df2
---
extras/contrib/src/Makefile | 3 ++
.../Patches/libvorbis-r14598-CVE-2008-1420.patch | 34 ++++++++++++++++++++
.../Patches/libvorbis-r14602-CVE-2008-1419.patch | 13 +++++++
.../Patches/libvorbis-r14602-CVE-2008-1423.patch | 13 +++++++
4 files changed, 63 insertions(+), 0 deletions(-)
diff --git a/extras/contrib/src/Makefile b/extras/contrib/src/Makefile
index d51e7dd..4c2b485 100644
--- a/extras/contrib/src/Makefile
+++ b/extras/contrib/src/Makefile
@@ -699,6 +699,9 @@ libvorbis-$(VORBIS_VERSION).tar.gz:
libvorbis: libvorbis-$(VORBIS_VERSION).tar.gz
$(EXTRACT_GZ)
patch -p0 < Patches/libvorbis.patch
+ patch -d libvorbis -p0 < Patches/libvorbis-r14598-CVE-2008-1420.patch
+ patch -d libvorbis -p0 < Patches/libvorbis-r14602-CVE-2008-1419.patch
+ patch -d libvorbis -p0 < Patches/libvorbis-r14602-CVE-2008-1423.patch
(cd $@; autoconf)
.vorbis: libvorbis .ogg
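Review bot: If any of the three added `patch -d libvorbis -p0` steps fails, the `libvorbis` directory created by the extract step is presumably left in place, so a later `make` run can treat the target as already built and compile the library without the CVE fixes. The same applies to trees extracted before this commit: nothing here forces a re-extract, so existing contrib builds keep the unpatched sources until `libvorbis` is removed by hand. Consider removing the directory on failure, e.g. `patch -d libvorbis -p0 < Patches/libvorbis-r14598-CVE-2008-1420.patch || (rm -rf $@; false)`, and adding a comment above the three lines such as `# security fixes: CVE-2008-1420, CVE-2008-1419, CVE-2008-1423`. `$(EXTRACT_GZ)` is defined outside the hunk, so the exact re-run behaviour should be confirmed there.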
diff --git a/extras/contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch b/extras/contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch
new file mode 100644
index 0000000..819cbf0
--- /dev/null
+++ b/extras/contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch
@@ -0,0 +1,34 @@
+Index: lib/res0.c
+===================================================================
+--- lib/res0.c (revision 14597)
++++ lib/res0.c (revision 14598)
+@@ -223,6 +223,20 @@
+ for(j=0;j<acc;j++)
+ if(info->booklist[j]>=ci->books)goto errout;
+
++ /* verify the phrasebook is not specifying an impossible or
++ inconsistent partitioning scheme. */
++ {
++ int entries = ci->book_param[info->groupbook]->entries;
++ int dim = ci->book_param[info->groupbook]->dim;
++ int partvals = 1;
++ while(dim>0){
++ partvals *= info->partitions;
++ if(partvals > entries) goto errout;
++ dim--;
++ }
++ if(partvals != entries) goto errout;
++ }
++
+ return(info);
+ errout:
+ res0_free_info(info);
+@@ -263,7 +277,7 @@
+ }
+ }
+
+- look->partvals=rint(pow((float)look->parts,(float)dim));
++ look->partvals=look->phrasebook->entries;
+ look->stages=maxstage;
+ look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
+ for(j=0;j<look->partvals;j++){
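Review bot: The new partition check in the first res0.c hunk does not reject a phrasebook whose `dim` is zero: the `while(dim>0)` loop is skipped, `partvals` stays 1, and a book with `entries == 1` passes `if(partvals != entries) goto errout;`. The companion patch for CVE-2008-1419 treats `s->dim==0` as a value that can reach the decoder, so an explicit `if(dim<1) goto errout;` before the loop would close that case. The check also indexes `ci->book_param[info->groupbook]`, while only `booklist[j]` is range-checked in the visible context. Confirm that `groupbook` is validated against `ci->books` earlier in the function, which starts outside this hunk.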
diff --git a/extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1419.patch b/extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1419.patch
new file mode 100644
index 0000000..fd73f23
--- /dev/null
+++ b/extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1419.patch
@@ -0,0 +1,13 @@
+Index: lib/codebook.c
+===================================================================
+--- lib/codebook.c (revision 14601)
++++ lib/codebook.c (revision 14602)
+@@ -225,7 +225,7 @@
+ int quantvals=0;
+ switch(s->maptype){
+ case 1:
+- quantvals=_book_maptype1_quantvals(s);
++ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
+ break;
+ case 2:
+ quantvals=s->entries*s->dim;
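Review bot: The `s->dim==0` guard sits at this one call site in the `case 1:` branch, so `_book_maptype1_quantvals()` itself stays unprotected for any other caller that passes a zero-dimension book; whether such callers exist cannot be seen from this hunk. Either move the check into the helper or reject the book here, and in either case document the special case, for example `/* dim==0: no quant values, and the helper must not be called with a zero dimension (CVE-2008-1419) */`. The enclosing function begins and ends outside the hunk, so the effect of `quantvals==0` on the code after the switch should be checked as well.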
diff --git a/extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1423.patch b/extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1423.patch
new file mode 100644
index 0000000..8c7c479
--- /dev/null
+++ b/extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1423.patch
@@ -0,0 +1,13 @@
+Index: lib/codebook.c
+===================================================================
+--- lib/codebook.c (revision 14603)
++++ lib/codebook.c (revision 14604)
+@@ -159,6 +159,8 @@
+ s->entries=oggpack_read(opb,24);
+ if(s->entries==-1)goto _eofout;
+
++ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
++
+ /* codeword ordering.... length ordered or unordered? */
+ switch((int)oggpack_read(opb,1)){
+ case 0:
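Review bot: The file is named `libvorbis-r14602-CVE-2008-1423.patch`, but its header records the change as `lib/codebook.c` revision 14603 to 14604, so the name points at the wrong upstream revision. Renaming it to `libvorbis-r14604-CVE-2008-1423.patch`, together with the matching line in the Makefile, would keep the patch traceable to upstream. The added `_ilog(s->dim)+_ilog(s->entries)>24` test also has no comment. Something like `/* refuse books whose dim and entries together exceed 24 bits, so later size arithmetic stays in range */` would record the intent, assuming that is what the bound is for.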