Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
vlc-1.1
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Redmine
Redmine
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Metrics
Environments
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
videolan
vlc-1.1
Commits
a6c8ae35
Commit
a6c8ae35
authored
May 17, 2008
by
Pavlov Konstantin
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Contrib: fix libvorbis CVEs: 2008-1419, 2008-1420, 2008-1423.
parent
dc040150
Changes
4
Hide whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
63 additions
and
0 deletions
+63
-0
extras/contrib/src/Makefile
extras/contrib/src/Makefile
+3
-0
extras/contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch
.../contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch
+34
-0
extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1419.patch
.../contrib/src/Patches/libvorbis-r14602-CVE-2008-1419.patch
+13
-0
extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1423.patch
.../contrib/src/Patches/libvorbis-r14602-CVE-2008-1423.patch
+13
-0
No files found.
extras/contrib/src/Makefile
View file @
a6c8ae35
...
...
@@ -699,6 +699,9 @@ libvorbis-$(VORBIS_VERSION).tar.gz:
libvorbis
:
libvorbis-$(VORBIS_VERSION).tar.gz
$(EXTRACT_GZ)
patch
-p0
< Patches/libvorbis.patch
patch
-d
libvorbis
-p0
< Patches/libvorbis-r14598-CVE-2008-1420.patch
patch
-d
libvorbis
-p0
< Patches/libvorbis-r14602-CVE-2008-1419.patch
patch
-d
libvorbis
-p0
< Patches/libvorbis-r14602-CVE-2008-1423.patch
(
cd
$@
;
autoconf
)
.vorbis
:
libvorbis .ogg
...
...
extras/contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch
0 → 100644
View file @
a6c8ae35
Index: lib/res0.c
===================================================================
--- lib/res0.c (revision 14597)
+++ lib/res0.c (revision 14598)
@@ -223,6 +223,20 @@
for(j=0;j<acc;j++)
if(info->booklist[j]>=ci->books)goto errout;
+ /* verify the phrasebook is not specifying an impossible or
+ inconsistent partitioning scheme. */
+ {
+ int entries = ci->book_param[info->groupbook]->entries;
+ int dim = ci->book_param[info->groupbook]->dim;
+ int partvals = 1;
+ while(dim>0){
+ partvals *= info->partitions;
+ if(partvals > entries) goto errout;
+ dim--;
+ }
+ if(partvals != entries) goto errout;
+ }
+
return(info);
errout:
res0_free_info(info);
@@ -263,7 +277,7 @@
}
}
- look->partvals=rint(pow((float)look->parts,(float)dim));
+ look->partvals=look->phrasebook->entries;
look->stages=maxstage;
look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
for(j=0;j<look->partvals;j++){
extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1419.patch
0 → 100644
View file @
a6c8ae35
Index: lib/codebook.c
===================================================================
--- lib/codebook.c (revision 14601)
+++ lib/codebook.c (revision 14602)
@@ -225,7 +225,7 @@
int quantvals=0;
switch(s->maptype){
case 1:
- quantvals=_book_maptype1_quantvals(s);
+ quantvals=(s->dim==0?0:_book_maptype1_quantvals(s));
break;
case 2:
quantvals=s->entries*s->dim;
extras/contrib/src/Patches/libvorbis-r14602-CVE-2008-1423.patch
0 → 100644
View file @
a6c8ae35
Index: lib/codebook.c
===================================================================
--- lib/codebook.c (revision 14603)
+++ lib/codebook.c (revision 14604)
@@ -159,6 +159,8 @@
s->entries=oggpack_read(opb,24);
if(s->entries==-1)goto _eofout;
+ if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
+
/* codeword ordering.... length ordered or unordered? */
switch((int)oggpack_read(opb,1)){
case 0:
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment