summaryrefslogtreecommitdiff
path: root/libre/libquicktime/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
diff options
context:
space:
mode:
Diffstat (limited to 'libre/libquicktime/libquicktime-1.2.4-CVE-2017-9122_et_al.patch')
-rw-r--r--libre/libquicktime/libquicktime-1.2.4-CVE-2017-9122_et_al.patch151
1 files changed, 0 insertions, 151 deletions
diff --git a/libre/libquicktime/libquicktime-1.2.4-CVE-2017-9122_et_al.patch b/libre/libquicktime/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
deleted file mode 100644
index 06fb7b337..000000000
--- a/libre/libquicktime/libquicktime-1.2.4-CVE-2017-9122_et_al.patch
+++ /dev/null
@@ -1,151 +0,0 @@
-From: Burkhard Plaum <plaum@ipf.uni-stuttgart.de>
-Origin: https://sourceforge.net/p/libquicktime/mailman/libquicktime-devel/?viewmonth=201706
-
-Hi,
-
-I committed some (mostly trivial) updates to CVS. The following CVE's
-are fixed and/or no longer reproducible:
-
-CVE-2017-9122
-CVE-2017-9123
-CVE-2017-9124
-CVE-2017-9125
-CVE-2017-9126
-CVE-2017-9127
-CVE-2017-9128
-
-I was a bit surprised that one simple sanity check fixes a whole bunch of files.
-
-So it could be, that the problems are still there, but better hidden since the
-critical code isn't executed anymore with the sample files I got.
-
-If someone encounters more crashes, feel free to report them.
-
-Burkhard
-
---- a/include/lqt_funcprotos.h
-+++ b/include/lqt_funcprotos.h
-@@ -1345,9 +1345,9 @@ int quicktime_write_int32_le(quicktime_t
- int quicktime_write_char32(quicktime_t *file, char *string);
- float quicktime_read_fixed16(quicktime_t *file);
- int quicktime_write_fixed16(quicktime_t *file, float number);
--unsigned long quicktime_read_uint32(quicktime_t *file);
--long quicktime_read_int32(quicktime_t *file);
--long quicktime_read_int32_le(quicktime_t *file);
-+uint32_t quicktime_read_uint32(quicktime_t *file);
-+int32_t quicktime_read_int32(quicktime_t *file);
-+int32_t quicktime_read_int32_le(quicktime_t *file);
- int64_t quicktime_read_int64(quicktime_t *file);
- int64_t quicktime_read_int64_le(quicktime_t *file);
- long quicktime_read_int24(quicktime_t *file);
---- a/src/atom.c
-+++ b/src/atom.c
-@@ -131,6 +131,9 @@ int quicktime_atom_read_header(quicktime
- atom->size = read_size64(header);
- atom->end = atom->start + atom->size;
- }
-+/* Avoid broken files */
-+ if(atom->end > file->total_length)
-+ result = 1;
- }
-
-
---- a/src/lqt_quicktime.c
-+++ b/src/lqt_quicktime.c
-@@ -1788,8 +1788,8 @@ int quicktime_read_info(quicktime_t *fil
- quicktime_set_position(file, start_position);
- free(temp);
-
-- quicktime_read_moov(file, &file->moov, &leaf_atom);
-- got_header = 1;
-+ if(!quicktime_read_moov(file, &file->moov, &leaf_atom))
-+ got_header = 1;
- }
- else
- quicktime_atom_skip(file, &leaf_atom);
---- a/src/moov.c
-+++ b/src/moov.c
-@@ -218,7 +218,8 @@ int quicktime_read_moov(quicktime_t *fil
- if(quicktime_atom_is(&leaf_atom, "trak"))
- {
- quicktime_trak_t *trak = quicktime_add_trak(file);
-- quicktime_read_trak(file, trak, &leaf_atom);
-+ if(quicktime_read_trak(file, trak, &leaf_atom))
-+ return 1;
- }
- else
- if(quicktime_atom_is(&leaf_atom, "udta"))
---- a/src/trak.c
-+++ b/src/trak.c
-@@ -269,6 +269,14 @@ int quicktime_read_trak(quicktime_t *fil
- else quicktime_atom_skip(file, &leaf_atom);
- } while(quicktime_position(file) < trak_atom->end);
-
-+ /* Do some sanity checks to prevent later crashes */
-+ if(trak->mdia.minf.is_video || trak->mdia.minf.is_video)
-+ {
-+ if(!trak->mdia.minf.stbl.stsc.table ||
-+ !trak->mdia.minf.stbl.stco.table)
-+ return 1;
-+ }
-+
- #if 1
- if(trak->mdia.minf.is_video &&
- quicktime_match_32(trak->mdia.minf.stbl.stsd.table[0].format, "drac"))
---- a/src/util.c
-+++ b/src/util.c
-@@ -647,10 +647,10 @@ int quicktime_write_fixed16(quicktime_t
- return quicktime_write_data(file, data, 2);
- }
-
--unsigned long quicktime_read_uint32(quicktime_t *file)
-+uint32_t quicktime_read_uint32(quicktime_t *file)
- {
-- unsigned long result;
-- unsigned long a, b, c, d;
-+ uint32_t result;
-+ uint32_t a, b, c, d;
- uint8_t data[4];
-
- quicktime_read_data(file, data, 4);
-@@ -663,10 +663,10 @@ unsigned long quicktime_read_uint32(quic
- return result;
- }
-
--long quicktime_read_int32(quicktime_t *file)
-+int32_t quicktime_read_int32(quicktime_t *file)
- {
-- unsigned long result;
-- unsigned long a, b, c, d;
-+ uint32_t result;
-+ uint32_t a, b, c, d;
- uint8_t data[4];
-
- quicktime_read_data(file, data, 4);
-@@ -676,13 +676,13 @@ long quicktime_read_int32(quicktime_t *f
- d = data[3];
-
- result = (a << 24) | (b << 16) | (c << 8) | d;
-- return (long)result;
-+ return (int32_t)result;
- }
-
--long quicktime_read_int32_le(quicktime_t *file)
-+int32_t quicktime_read_int32_le(quicktime_t *file)
- {
-- unsigned long result;
-- unsigned long a, b, c, d;
-+ uint32_t result;
-+ uint32_t a, b, c, d;
- uint8_t data[4];
-
- quicktime_read_data(file, data, 4);
-@@ -692,7 +692,7 @@ long quicktime_read_int32_le(quicktime_t
- d = data[3];
-
- result = (d << 24) | (c << 16) | (b << 8) | a;
-- return (long)result;
-+ return (int32_t)result;
- }
-
- int64_t quicktime_read_int64(quicktime_t *file)
generated by cgit v1.2.2 (git 2.25.0) at 2024-05-01 14:35:54 +0000