diff options
author | André Fabian Silva Delgado <emulatorman@lavabit.com> | 2013-05-15 17:23:28 -0300 |
---|---|---|
committer | André Fabian Silva Delgado <emulatorman@lavabit.com> | 2013-05-15 17:23:28 -0300 |
commit | d4b4da9013c3d5548d20797f7bb8f90a8dd7639b (patch) | |
tree | 3b958bcdd4b1c48abd0aa099eabd8b478392e57f /libre | |
parent | 24d84e2a65216ae46ec4b58eea938c5237c0ade5 (diff) | |
download | abslibre-d4b4da9013c3d5548d20797f7bb8f90a8dd7639b.tar.gz abslibre-d4b4da9013c3d5548d20797f7bb8f90a8dd7639b.tar.bz2 abslibre-d4b4da9013c3d5548d20797f7bb8f90a8dd7639b.zip |
mplayer-vaapi-libre-35107-7: Fix out of bound write access when parsing .srt
Diffstat (limited to 'libre')
-rw-r--r-- | libre/mplayer-vaapi-libre/PKGBUILD | 22 | ||||
-rw-r--r-- | libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch | 60 |
2 files changed, 76 insertions, 6 deletions
diff --git a/libre/mplayer-vaapi-libre/PKGBUILD b/libre/mplayer-vaapi-libre/PKGBUILD index 3b0ef9080..93958ca69 100644 --- a/libre/mplayer-vaapi-libre/PKGBUILD +++ b/libre/mplayer-vaapi-libre/PKGBUILD @@ -1,4 +1,4 @@ -# $Id$ +# $Id: PKGBUILD 90856 2013-05-14 23:55:05Z foutrelis $ # Maintainer: Evangelos Foutras <evangelos@foutrelis.com> # Contributor: Ionut Biru <ibiru@archlinux.org> # Contributor: Hugo Doria <hugo@archlinux.org> @@ -8,8 +8,8 @@ pkgname=mplayer-vaapi-libre pkgver=35107 -pkgrel=5 -pkgdesc="A movie player, compiled with vaapi (without unfree faac support)" +pkgrel=7 +pkgdesc="A movie player, compiled with vaapi, without nonfree faac support" arch=('i686' 'x86_64' 'mips64el') url="http://gitorious.org/vaapi/mplayer" license=('GPL') @@ -26,19 +26,29 @@ replaces=('mplayer-vaapi') backup=('etc/mplayer/codecs.conf' 'etc/mplayer/input.conf') source=(http://pkgbuild.com/~foutrelis/mplayer-vaapi-$pkgver.tar.xz cdio-includes.patch - tweak-desktop-file.patch) + tweak-desktop-file.patch + subreader-fix-srt-parsing.patch) options=('!buildflags' '!emptydirs') install=mplayer-vaapi.install sha256sums=('a6c645625cc2cd6ca48764db302c926049f831e757857ece351b37b674e05e56' '72e6c654f9733953ad2466d0ea1a52f23e753791d8232d90f13293eb1b358720' - '5a09fb462729a4e573568f9e8c1f57dbe7f69c0b68cfa4f6d70b3e52c450d93b') + '5a09fb462729a4e573568f9e8c1f57dbe7f69c0b68cfa4f6d70b3e52c450d93b' + '69127a5576e4f1f62f688215bd2ec0e052ddcb36292c7a1766c146ff122cb092') -build() { + +prepare() { cd "$srcdir/mplayer-vaapi-$pkgver" patch -Np0 -i "$srcdir/cdio-includes.patch" patch -d etc -Np0 -i "$srcdir/tweak-desktop-file.patch" + # http://bugzilla.mplayerhq.hu/show_bug.cgi?id=2139 + patch -Np1 -i "$srcdir/subreader-fix-srt-parsing.patch" +} + +build() { + cd "$srcdir/mplayer-vaapi-$pkgver" + ./configure \ --prefix=/usr \ --enable-runtime-cpudetection \ diff --git a/libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch b/libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch new file mode 100644 index 000000000..84f2de4d9 --- /dev/null +++ b/libre/mplayer-vaapi-libre/subreader-fix-srt-parsing.patch @@ -0,0 +1,60 @@ +From d98e61ea438db66323734ad1b6bea66411a3c97b Mon Sep 17 00:00:00 2001 +From: wm4 <wm4@nowhere> +Date: Tue, 30 Apr 2013 00:09:31 +0200 +Subject: [PATCH] subreader: fix out of bound write access when parsing .srt + +This broke .srt subtitles on gcc-4.8. The breakage was relatively +subtle: it set all hour components to 0, while everything else was +parsed successfully. + +But the problem is really that sscanf wrote 1 byte past the sep +variable (or more, for invalid/specially prepared input). The %[..] +format specifier is unbounded. Fix that by letting sscanf drop the +parsed contents with "*", and also make it skip only one input +character by adding "1" (=> "%*1[..."). + +The out of bound write could easily lead to security issues. + +Also, this change makes .srt subtitle parsing slightly more strict. +Strictly speaking this is an unrelated change, but do it anyway. It's +more correct. +--- + sub/subreader.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + + (foutrelis: adjusted variable names in first hunk to apply to mplayer) + +diff --git a/sub/subreader.c b/sub/subreader.c +index 23da4c7..0f1b6c9 100644 +--- a/sub/subreader.c ++++ b/sub/subreader.c +@@ -386,14 +386,14 @@ static subtitle *sub_ass_read_line_subviewer(stream_t *st, subtitle *current, + int h1, m1, s1, ms1, h2, m2, s2, ms2, j = 0; + + while (!current->text[0]) { +- char line[LINE_LEN + 1], full_line[LINE_LEN + 1], sep; ++ char line[LINE_LEN + 1], full_line[LINE_LEN + 1]; + int i; + + /* Parse SubRip header */ + if (!stream_read_line(st, line, LINE_LEN, utf16)) + return NULL; +- if (sscanf(line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d", +- &h1, &m1, &s1, &sep, &ms1, &h2, &m2, &s2, &sep, &ms2) < 10) ++ if (sscanf(line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d", ++ &h1, &m1, &s1, &ms1, &h2, &m2, &s2, &ms2) < 8) + continue; + + current->start = a1 * 360000 + a2 * 6000 + a3 * 100 + a4 / 10; +@@ -450,7 +450,7 @@ static subtitle *sub_read_line_subviewer(stream_t *st,subtitle *current, + return sub_ass_read_line_subviewer(st, current, args); + while (!current->text[0]) { + if (!stream_read_line (st, line, LINE_LEN, utf16)) return NULL; +- if ((len=sscanf (line, "%d:%d:%d%[,.:]%d --> %d:%d:%d%[,.:]%d",&a1,&a2,&a3,(char *)&i,&a4,&b1,&b2,&b3,(char *)&i,&b4)) < 10) ++ if ((len=sscanf (line, "%d:%d:%d%*1[,.:]%d --> %d:%d:%d%*1[,.:]%d",&a1,&a2,&a3,&a4,&b1,&b2,&b3,&b4)) < 8) + continue; + current->start = a1*360000+a2*6000+a3*100+a4/10; + current->end = b1*360000+b2*6000+b3*100+b4/10; +-- +1.8.1.6 + |