diff options
author | Mart Raudsepp <leio@gentoo.org> | 2017-09-14 22:09:26 +0300 |
---|---|---|
committer | Mart Raudsepp <leio@gentoo.org> | 2017-09-16 22:43:16 +0300 |
commit | 671b2f55faafbe0a687b64824f08d95d79ada3e6 (patch) | |
tree | a77233dc8926ffc407a07811e4a6a3484642e9ee /media-libs | |
parent | media-libs/gst-plugins-bad: bump to 1.12.2 (diff) | |
download | gentoo-671b2f55faafbe0a687b64824f08d95d79ada3e6.tar.gz gentoo-671b2f55faafbe0a687b64824f08d95d79ada3e6.tar.bz2 gentoo-671b2f55faafbe0a687b64824f08d95d79ada3e6.zip |
media-libs/gst-plugins-bad: remove stale patch
Package-Manager: Portage-2.3.6, Repoman-2.3.2
Diffstat (limited to 'media-libs')
-rw-r--r-- | media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch b/media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch deleted file mode 100644 index 5eff76da5d3e..000000000000 --- a/media-libs/gst-plugins-bad/files/gst-plugins-bad-1.8.3-CVE-2016-9445.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 93f9faad751c3069f828dd8d517814b8bf1d0084 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Sebastian=20Dr=C3=B6ge?= <sebastian@centricular.com> -Date: Wed, 16 Nov 2016 20:41:39 +0200 -Subject: vmncdec: Sanity-check width/height before using it - -We will allocate a screen area of width*height*bpp bytes, however this -calculation can easily overflow if too high width or height are given -inside the stream. Nonetheless we would just assume that enough memory -was allocated, try to fill it and overwrite as much memory as wanted. - -Also allocate the screen area filled with zeroes to ensure that we start -with full-black and not any random (or not so random) data. - -https://scarybeastsecurity.blogspot.gr/2016/11/0day-poc-risky-design-decisions-in.html - -Ideally we should just remove this plugin in favour of the one in -gst-libav, which generally seems to be of better code quality. - -https://bugzilla.gnome.org/show_bug.cgi?id=774533 - -diff --git a/gst/vmnc/vmncdec.c b/gst/vmnc/vmncdec.c -index e8d498c..b3c9778 100644 ---- a/gst/vmnc/vmncdec.c -+++ b/gst/vmnc/vmncdec.c -@@ -260,7 +260,7 @@ vmnc_handle_wmvi_rectangle (GstVMncDec * dec, struct RfbRectangle *rect, - gst_video_codec_state_unref (state); - - g_free (dec->imagedata); -- dec->imagedata = g_malloc (dec->format.width * dec->format.height * -+ dec->imagedata = g_malloc0 (dec->format.width * dec->format.height * - dec->format.bytes_per_pixel); - GST_DEBUG_OBJECT (dec, "Allocated image data at %p", dec->imagedata); - -@@ -790,6 +790,10 @@ vmnc_handle_packet (GstVMncDec * dec, const guint8 * data, int len, - GST_WARNING_OBJECT (dec, "Rectangle out of range, type %d", r.type); - return ERROR_INVALID; - } -+ } else if (r.width > 16384 || r.height > 16384) { -+ GST_WARNING_OBJECT (dec, "Width or height too high: %ux%u", r.width, -+ r.height); -+ return ERROR_INVALID; - } - - switch (r.type) { --- -cgit v0.10.2 - |