1 files changed, 35 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch
new file mode 100644
index 000000000..d55d9ebe6
--- /dev/null
+++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch
@@ -0,0 +1,35 @@
+From e7e5114c506957f40aafd794e06de1a7e341e9d5 Mon Sep 17 00:00:00 2001
+From: Michael Niedermayer <michaelni@gmx.at>
+Date: Fri, 3 Oct 2014 19:33:01 +0200
+Subject: [PATCH] avcodec/cinepak: fix integer underflow
+(Upstream commit e7e5114c506957f40aafd794e06de1a7e341e9d5)
+Fixes out of array access
+Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi
+Upstream-status: Backport
+Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
+Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
+Signed-off-by: Yue Tao <yue.tao@windriver.com>
+---
+ libavcodec/cinepak.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
+index 4746289..f651c48 100644
+--- a/gst-libs/ext/libav/libavcodec/cinepak.c
+++ b/gst-libs/ext/libav/libavcodec/cinepak.c
+@@ -125,7 +125,7 @@ static int cinepak_decode_vectors (CinepakContext *s, cvid_strip *strip,
+     const uint8_t   *eod = (data + size);
+     uint32_t         flag, mask;
+     cvid_codebook   *codebook;
+-    unsigned int     x, y;
+    int             x, y;
+     uint32_t         iy[4];
+     uint32_t         iu[2];
+     uint32_t         iv[2];
+-- 
+1.7.9.5

diff --git a/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch new file mode 100644 index 000000000..d55d9ebe6 --- /dev/null +++ b/meta-multimedia/recipes-multimedia/gstreamer-0.10/gst-ffmpeg-0.10.13/gst-ffmpeg-fix-CVE-2014-8546.patch
@@ -0,0 +1,35 @@
	1	From e7e5114c506957f40aafd794e06de1a7e341e9d5 Mon Sep 17 00:00:00 2001
	2	From: Michael Niedermayer <michaelni@gmx.at>
	3	Date: Fri, 3 Oct 2014 19:33:01 +0200
	4	Subject: [PATCH] avcodec/cinepak: fix integer underflow
	5
	6	(Upstream commit e7e5114c506957f40aafd794e06de1a7e341e9d5)
	7
	8	Fixes out of array access
	9	Fixes: asan_heap-oob_4da0ba_6_asan_heap-oob_4da0ba_241_cvid_crash.avi
	10
	11	Upstream-status: Backport
	12
	13	Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
	14	Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
	15	Signed-off-by: Yue Tao <yue.tao@windriver.com>
	16	---
	17	libavcodec/cinepak.c \| 2 +-
	18	1 file changed, 1 insertion(+), 1 deletion(-)
	19
	20	diff --git a/libavcodec/cinepak.c b/libavcodec/cinepak.c
	21	index 4746289..f651c48 100644
	22	--- a/gst-libs/ext/libav/libavcodec/cinepak.c
	23	+++ b/gst-libs/ext/libav/libavcodec/cinepak.c
	24	@@ -125,7 +125,7 @@ static int cinepak_decode_vectors (CinepakContext s, cvid_strip strip,
	25	const uint8_t *eod = (data + size);
	26	uint32_t flag, mask;
	27	cvid_codebook *codebook;
	28	- unsigned int x, y;
	29	+ int x, y;
	30	uint32_t iy[4];
	31	uint32_t iu[2];
	32	uint32_t iv[2];
	33	--
	34	1.7.9.5
	35