summaryrefslogtreecommitdiff
path: root/libre
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@lavabit.com>2013-05-15 17:23:28 -0300
committerAndré Fabian Silva Delgado <emulatorman@lavabit.com>2013-05-15 17:23:28 -0300
commitd4b4da9013c3d5548d20797f7bb8f90a8dd7639b (patch)
tree3b958bcdd4b1c48abd0aa099eabd8b478392e57f /libre
parent24d84e2a65216ae46ec4b58eea938c5237c0ade5 (diff)
downloadabslibre-d4b4da9013c3d5548d20797f7bb8f90a8dd7639b.tar.gz
abslibre-d4b4da9013c3d5548d20797f7bb8f90a8dd7639b.tar.bz2
abslibre-d4b4da9013c3d5548d20797f7bb8f90a8dd7639b.zip
mplayer-vaapi-libre-35107-7: Fix out of bound write access when parsing .srt
Diffstat (limited to 'libre')
-rw-r--r--libre/mplayer-vaapi-libre/PKGBUILD22
-rw-r--r--libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch60
2 files changed, 76 insertions, 6 deletions
diff --git a/libre/mplayer-vaapi-libre/PKGBUILD b/libre/mplayer-vaapi-libre/PKGBUILD
index 3b0ef9080..93958ca69 100644
--- a/libre/mplayer-vaapi-libre/PKGBUILD
+++ b/libre/mplayer-vaapi-libre/PKGBUILD
@@ -1,4 +1,4 @@
-# $Id$
+# $Id: PKGBUILD 90856 2013-05-14 23:55:05Z foutrelis $
# Maintainer: Evangelos Foutras <evangelos@foutrelis.com>
# Contributor: Ionut Biru <ibiru@archlinux.org>
# Contributor: Hugo Doria <hugo@archlinux.org>
@@ -8,8 +8,8 @@
pkgname=mplayer-vaapi-libre
pkgver=35107
-pkgrel=5
-pkgdesc="A movie player, compiled with vaapi (without unfree faac support)"
+pkgrel=7
+pkgdesc="A movie player, compiled with vaapi, without nonfree faac support"
arch=('i686' 'x86_64' 'mips64el')
url="http://gitorious.org/vaapi/mplayer"
license=('GPL')
@@ -26,19 +26,29 @@ replaces=('mplayer-vaapi')
backup=('etc/mplayer/codecs.conf' 'etc/mplayer/input.conf')
source=(http://pkgbuild.com/~foutrelis/mplayer-vaapi-$pkgver.tar.xz
cdio-includes.patch
- tweak-desktop-file.patch)
+ tweak-desktop-file.patch
+ subreader-fix-srt-parsing.patch)
options=('!buildflags' '!emptydirs')
install=mplayer-vaapi.install
sha256sums=('a6c645625cc2cd6ca48764db302c926049f831e757857ece351b37b674e05e56'
'72e6c654f9733953ad2466d0ea1a52f23e753791d8232d90f13293eb1b358720'
- '5a09fb462729a4e573568f9e8c1f57dbe7f69c0b68cfa4f6d70b3e52c450d93b')
+ '5a09fb462729a4e573568f9e8c1f57dbe7f69c0b68cfa4f6d70b3e52c450d93b'
+ '69127a5576e4f1f62f688215bd2ec0e052ddcb36292c7a1766c146ff122cb092')
-build() {
+
+prepare() {
cd "$srcdir/mplayer-vaapi-$pkgver"
patch -Np0 -i "$srcdir/cdio-includes.patch"
patch -d etc -Np0 -i "$srcdir/tweak-desktop-file.patch"
+ # http://bugzilla.mplayerhq.hu/show_bug.cgi?id=2139
+ patch -Np1 -i "$srcdir/subreader-fix-srt-parsing.patch"
+}
+
+build() {
+ cd "$srcdir/mplayer-vaapi-$pkgver"
+
./configure \
--prefix=/usr \
--enable-runtime-cpudetection \
diff --git a/libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch b/libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch
new file mode 100644
index 000000000..84f2de4d9
--- /dev/null
+++ b/libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch
@@ -0,0 +1,60 @@
+From d98e61ea438db66323734ad1b6bea66411a3c97b Mon Sep 17 00:00:00 2001
+From: wm4 <wm4@nowhere>
+Date: Tue, 30 Apr 2013 00:09:31 +0200
+Subject: [PATCH] subreader: fix out of bound write access when parsing .srt
+
+This broke .srt subtitles on gcc-4.8. The breakage was relatively
+subtle: it set all hour components to 0, while everything else was
+parsed successfully.
+
+But the problem is really that sscanf wrote 1 byte past the sep
+variable (or more, for invalid/specially prepared input). The %[..]
+format specifier is unbounded. Fix that by letting sscanf drop the
+parsed contents with "*", and also make it skip only one input
+character by adding "1" (=> "%*1[...").
+
+The out of bound write could easily lead to security issues.
+
+Also, this change makes .srt subtitle parsing slightly more strict.
+Strictly speaking this is an unrelated change, but do it anyway. It's
+more correct.
+---
+ sub/subreader.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+ (foutrelis: adjusted variable names in first hunk to apply to mplayer)
+
+diff --git a/sub/subreader.c b/sub/subreader.c
+index 23da4c7..0f1b6c9 100644
+--- a/sub/subreader.c
++++ b/sub/subreader.c
+@@ -386,14 +386,14 @@ static subtitle *sub_ass_read_line_subviewer(stream_t *st, subtitle *current,
+ int h1, m1, s1, ms1, h2, m2, s2, ms2, j = 0;
+
+ while (!current->text[0]) {
+- char line[LINE_LEN + 1], full_line[LINE_LEN + 1], sep;
++ char line[LINE_LEN + 1], full_line[LINE_LEN + 1];
+ int i;
+
+ /* Parse SubRip header */
+ if (!stream_read_line(st, line, LINE_LEN, utf16))
+ return NULL;
+- if (sscanf(line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",
+- &h1, &m1, &s1, &sep, &ms1, &h2, &m2, &s2, &sep, &ms2) < 10)
++ if (sscanf(line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",
++ &h1, &m1, &s1, &ms1, &h2, &m2, &s2, &ms2) < 8)
+ continue;
+
+ current->start = a1 * 360000 + a2 * 6000 + a3 * 100 + a4 / 10;
+@@ -450,7 +450,7 @@ static subtitle *sub_read_line_subviewer(stream_t *st,subtitle *current,
+ return sub_ass_read_line_subviewer(st, current, args);
+ while (!current->text[0]) {
+ if (!stream_read_line (st, line, LINE_LEN, utf16)) return NULL;
+- if ((len=sscanf (line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",&a1,&a2,&a3,(char *)&i,&a4,&b1,&b2,&b3,(char *)&i,&b4)) < 10)
++ if ((len=sscanf (line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",&a1,&a2,&a3,&a4,&b1,&b2,&b3,&b4)) < 8)
+ continue;
+ current->start = a1*360000+a2*6000+a3*100+a4/10;
+ current->end = b1*360000+b2*6000+b3*100+b4/10;
+--
+1.8.1.6
+