meta/recipes-multimedia/gstreamer/gst-ffmpeg-0.10.13/0001-smackerdec-Check-that-the-last-indexes-are-within-th.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

gst-ffmpeg: smackerdec: Check that the last indexes are within the
 table.

Fixes CVE-2011-3944

Upstream-Status: Backport 

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/smacker.c |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

diff --git a/libavcodec/smacker.c b/libavcodec/smacker.c
index 30f99b4..2a8bae8 100644
--- a/gst-libs/ext/libav/libavcodec/smacker.c
+++ b/gst-libs/ext/libav/libavcodec/smacker.c
@@ -259,6 +259,11 @@ static int smacker_decode_header_tree(SmackVContext *smk, GetBitContext *gb, int
     if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
     if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
     if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
+    if(huff.current > huff.length){
+        ctx.last[0] = ctx.last[1] = ctx.last[2] = 1;
+        av_log(smk->avctx, AV_LOG_ERROR, "bigtree damaged\n");
+        return -1;
+    }
 
     *recodes = huff.values;
 
-- 
1.7.5.4