[gentoo-commits] gentoo-x86 commit in media-libs/gst-plugins-base/files: gst-plugins-base-0.10.22-CVE-2009-0586.patch - gentoo-commits

From:	"Olivier Crete (tester)" <tester@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo-x86 commit in media-libs/gst-plugins-base/files: gst-plugins-base-0.10.22-CVE-2009-0586.patch
Date:	Mon, 30 Mar 2009 04:38:16
Message-Id:	`E1Lo9GI-0002D0-Eo@stork.gentoo.org`

1

tester      09/03/30 04:38:14

2

3

  Added:                gst-plugins-base-0.10.22-CVE-2009-0586.patch

4

  Log:

5

  Version bump, also fix CVE-2009-0586 (bug #261594)

6

  (Portage version: 2.1.6.7/cvs/Linux i686)

7

8

Revision  Changes    Path

9

1.1                  media-libs/gst-plugins-base/files/gst-plugins-base-0.10.22-CVE-2009-0586.patch

10

11

file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/gst-plugins-base/files/gst-plugins-base-0.10.22-CVE-2009-0586.patch?rev=1.1&view=markup

12

plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/gst-plugins-base/files/gst-plugins-base-0.10.22-CVE-2009-0586.patch?rev=1.1&content-type=text/plain

13

14

Index: gst-plugins-base-0.10.22-CVE-2009-0586.patch

15

===================================================================

16

From 566583e87147f774e7fc4c78b5f7e61d427e40a9 Mon Sep 17 00:00:00 2001

17

From: Jan Schmidt <thaytan@××××××××.net>

18

Date: Tue, 24 Feb 2009 15:58:42 +0000

19

Subject: vorbistag: Protect memory allocation calculation from overflow.

20

21

Patch by: Tomas Hoger <thoger@××××××.com> Fixes CVE-2009-0586

22

---

23

diff --git a/gst-libs/gst/tag/gstvorbistag.c b/gst-libs/gst/tag/gstvorbistag.c

24

index 0999368..9401e61 100644

25

--- a/gst-libs/gst/tag/gstvorbistag.c

26

+++ b/gst-libs/gst/tag/gstvorbistag.c

27

@@ -305,30 +305,32 @@ gst_vorbis_tag_add (GstTagList * list, const gchar * tag, const gchar * value)

28

}

29

30

 static void

31

-gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,

32

+gst_vorbis_tag_add_coverart (GstTagList * tags, gchar * img_data_base64,

33

     gint base64_len)

34

{

35

   GstBuffer *img;

36

-  guchar *img_data;

37

   gsize img_len;

38

+  guchar *out;

39

   guint save = 0;

40

   gint state = 0;

41

42

   if (base64_len < 2)

43

     goto not_enough_data;

44

45

-  img_data = g_try_malloc0 (base64_len * 3 / 4);

46

-

47

-  if (img_data == NULL)

48

-    goto alloc_failed;

49

-

50

-  img_len = g_base64_decode_step (img_data_base64, base64_len, img_data,

51

-      &state, &save);

52

+  /* img_data_base64 points to a temporary copy of the base64 encoded data, so

53

+   * it's safe to do inpace decoding here

54

+   * TODO: glib 2.20 and later provides g_base64_decode_inplace, so change this

55

+   * to use glib's API instead once it's in wider use:

56

+   *  http://bugzilla.gnome.org/show_bug.cgi?id=564728

57

+   *  http://svn.gnome.org/viewvc/glib?view=revision&revision=7807 */

58

+  out = (guchar *) img_data_base64;

59

+  img_len = g_base64_decode_step (img_data_base64, base64_len,

60

+      out, &state, &save);

61

62

   if (img_len == 0)

63

     goto decode_failed;

64

65

-  img = gst_tag_image_data_to_image_buffer (img_data, img_len,

66

+  img = gst_tag_image_data_to_image_buffer (out, img_len,

67

       GST_TAG_IMAGE_TYPE_NONE);

68

69

   if (img == NULL)

70

@@ -338,7 +340,6 @@ gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,

71

       GST_TAG_PREVIEW_IMAGE, img, NULL);

72

73

   gst_buffer_unref (img);

74

-  g_free (img_data);

75

   return;

76

77

 /* ERRORS */

78

@@ -347,21 +348,14 @@ not_enough_data:

79

     GST_WARNING ("COVERART tag with too little base64-encoded data");

80

     return;

81

}

82

-alloc_failed:

83

-  {

84

-    GST_WARNING ("Couldn't allocate enough memory to decode COVERART tag");

85

-    return;

86

-  }

87

 decode_failed:

88

{

89

-    GST_WARNING ("Couldn't decode bas64 image data from COVERART tag");

90

-    g_free (img_data);

91

+    GST_WARNING ("Couldn't decode base64 image data from COVERART tag");

92

     return;

93

}

94

 convert_failed:

95

{

96

     GST_WARNING ("Couldn't extract image or image type from COVERART tag");

97

-    g_free (img_data);

98

     return;

99

}

100

}

101

@@ -457,6 +451,7 @@ error:

102

   return NULL;

103

 #undef ADVANCE

104

}

105

+

106

 typedef struct

107

{

108

   guint count;

109

--

110

cgit v0.8.2

1	tester 09/03/30 04:38:14
2
3	Added: gst-plugins-base-0.10.22-CVE-2009-0586.patch
4	Log:
5	Version bump, also fix CVE-2009-0586 (bug #261594)
6	(Portage version: 2.1.6.7/cvs/Linux i686)
7
8	Revision Changes Path
9	1.1 media-libs/gst-plugins-base/files/gst-plugins-base-0.10.22-CVE-2009-0586.patch
10
11	file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/gst-plugins-base/files/gst-plugins-base-0.10.22-CVE-2009-0586.patch?rev=1.1&view=markup
12	plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/media-libs/gst-plugins-base/files/gst-plugins-base-0.10.22-CVE-2009-0586.patch?rev=1.1&content-type=text/plain
13
14	Index: gst-plugins-base-0.10.22-CVE-2009-0586.patch
15	===================================================================
16	From 566583e87147f774e7fc4c78b5f7e61d427e40a9 Mon Sep 17 00:00:00 2001
17	From: Jan Schmidt <thaytan@××××××××.net>
18	Date: Tue, 24 Feb 2009 15:58:42 +0000
19	Subject: vorbistag: Protect memory allocation calculation from overflow.
20
21	Patch by: Tomas Hoger <thoger@××××××.com> Fixes CVE-2009-0586
22	---
23	diff --git a/gst-libs/gst/tag/gstvorbistag.c b/gst-libs/gst/tag/gstvorbistag.c
24	index 0999368..9401e61 100644
25	--- a/gst-libs/gst/tag/gstvorbistag.c
26	+++ b/gst-libs/gst/tag/gstvorbistag.c
27	@@ -305,30 +305,32 @@ gst_vorbis_tag_add (GstTagList * list, const gchar * tag, const gchar * value)
28	}
29
30	static void
31	-gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
32	+gst_vorbis_tag_add_coverart (GstTagList * tags, gchar * img_data_base64,
33	gint base64_len)
34	{
35	GstBuffer *img;
36	- guchar *img_data;
37	gsize img_len;
38	+ guchar *out;
39	guint save = 0;
40	gint state = 0;
41
42	if (base64_len < 2)
43	goto not_enough_data;
44
45	- img_data = g_try_malloc0 (base64_len * 3 / 4);
46	-
47	- if (img_data == NULL)
48	- goto alloc_failed;
49	-
50	- img_len = g_base64_decode_step (img_data_base64, base64_len, img_data,
51	- &state, &save);
52	+ /* img_data_base64 points to a temporary copy of the base64 encoded data, so
53	+ * it's safe to do inpace decoding here
54	+ * TODO: glib 2.20 and later provides g_base64_decode_inplace, so change this
55	+ * to use glib's API instead once it's in wider use:
56	+ * http://bugzilla.gnome.org/show_bug.cgi?id=564728
57	+ * http://svn.gnome.org/viewvc/glib?view=revision&revision=7807 */
58	+ out = (guchar *) img_data_base64;
59	+ img_len = g_base64_decode_step (img_data_base64, base64_len,
60	+ out, &state, &save);
61
62	if (img_len == 0)
63	goto decode_failed;
64
65	- img = gst_tag_image_data_to_image_buffer (img_data, img_len,
66	+ img = gst_tag_image_data_to_image_buffer (out, img_len,
67	GST_TAG_IMAGE_TYPE_NONE);
68
69	if (img == NULL)
70	@@ -338,7 +340,6 @@ gst_vorbis_tag_add_coverart (GstTagList * tags, const gchar * img_data_base64,
71	GST_TAG_PREVIEW_IMAGE, img, NULL);
72
73	gst_buffer_unref (img);
74	- g_free (img_data);
75	return;
76
77	/* ERRORS */
78	@@ -347,21 +348,14 @@ not_enough_data:
79	GST_WARNING ("COVERART tag with too little base64-encoded data");
80	return;
81	}
82	-alloc_failed:
83	- {
84	- GST_WARNING ("Couldn't allocate enough memory to decode COVERART tag");
85	- return;
86	- }
87	decode_failed:
88	{
89	- GST_WARNING ("Couldn't decode bas64 image data from COVERART tag");
90	- g_free (img_data);
91	+ GST_WARNING ("Couldn't decode base64 image data from COVERART tag");
92	return;
93	}
94	convert_failed:
95	{
96	GST_WARNING ("Couldn't extract image or image type from COVERART tag");
97	- g_free (img_data);
98	return;
99	}
100	}
101	@@ -457,6 +451,7 @@ error:
102	return NULL;
103	#undef ADVANCE
104	}
105	+
106	typedef struct
107	{
108	guint count;
109	--
110	cgit v0.8.2

Gentoo Archives: gentoo-commits