summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMart Raudsepp <leio@gentoo.org>2017-09-14 22:09:26 +0300
committerMart Raudsepp <leio@gentoo.org>2017-09-16 22:43:16 +0300
commit671b2f55faafbe0a687b64824f08d95d79ada3e6 (patch)
treea77233dc8926ffc407a07811e4a6a3484642e9ee /media-libs
parentmedia-libs/gst-plugins-bad: bump to 1.12.2 (diff)
downloadgentoo-671b2f55faafbe0a687b64824f08d95d79ada3e6.tar.gz
gentoo-671b2f55faafbe0a687b64824f08d95d79ada3e6.tar.bz2
gentoo-671b2f55faafbe0a687b64824f08d95d79ada3e6.zip
media-libs/gst-plugins-bad: remove stale patch
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Diffstat (limited to 'media-libs')
-rw-r--r--media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch47
1 files changed, 0 insertions, 47 deletions
diff --git a/media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch b/media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch
deleted file mode 100644
index 5eff76da5d3e..000000000000
--- a/media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 93f9faad751c3069f828dd8d517814b8bf1d0084 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com>
-Date: Wed, 16 Nov 2016 20:41:39 +0200
-Subject: vmncdec: Sanity-check width/height before using it
-
-We will allocate a screen area of width*height*bpp bytes, however this
-calculation can easily overflow if too high width or height are given
-inside the stream. Nonetheless we would just assume that enough memory
-was allocated, try to fill it and overwrite as much memory as wanted.
-
-Also allocate the screen area filled with zeroes to ensure that we start
-with full-black and not any random (or not so random) data.
-
-https://scarybeastsecurity.blogspot.gr/2016/11/0day-poc-risky-design-decisions-in.html
-
-Ideally we should just remove this plugin in favour of the one in
-gst-libav, which generally seems to be of better code quality.
-
-https://bugzilla.gnome.org/show_bug.cgi?id=774533
-
-diff --git a/gst/vmnc/vmncdec.c b/gst/vmnc/vmncdec.c
-index e8d498c..b3c9778 100644
---- a/gst/vmnc/vmncdec.c
-+++ b/gst/vmnc/vmncdec.c
-@@ -260,7 +260,7 @@ vmnc_handle_wmvi_rectangle (GstVMncDec * dec, struct RfbRectangle *rect,
- gst_video_codec_state_unref (state);
-
- g_free (dec->imagedata);
-- dec->imagedata = g_malloc (dec->format.width * dec->format.height *
-+ dec->imagedata = g_malloc0 (dec->format.width * dec->format.height *
- dec->format.bytes_per_pixel);
- GST_DEBUG_OBJECT (dec, "Allocated image data at %p", dec->imagedata);
-
-@@ -790,6 +790,10 @@ vmnc_handle_packet (GstVMncDec * dec, const guint8 * data, int len,
- GST_WARNING_OBJECT (dec, "Rectangle out of range, type %d", r.type);
- return ERROR_INVALID;
- }
-+ } else if (r.width > 16384 || r.height > 16384) {
-+ GST_WARNING_OBJECT (dec, "Width or height too high: %ux%u", r.width,
-+ r.height);
-+ return ERROR_INVALID;
- }
-
- switch (r.type) {
---
-cgit v0.10.2
-