Sophie

Sophie

distrib > Mageia > 1 > i586 > by-pkgid > 6988c923d007989602f730672aaeea1e > files > 10

avidemux-2.5.4-5.2.mga1.src.rpm

Description: fix denial of service and possible code execution via
 malformed file containing VP5 or VP6 streams
Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=2a6eb06254df79e96b3d791b6b89b2534ced3119
Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=bb4b0ad83b13c3af57675e80163f3f333adef96f
Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e0966eb140b3569b3d6b5b5008961944ef229c06

Index: ffmpeg-0.6/libavcodec/vp5.c
===================================================================
--- ffmpeg-0.6.orig/libavcodec/vp5.c	2011-12-21 10:43:47.228450427 -0500
+++ ffmpeg-0.6/libavcodec/vp5.c	2011-12-21 10:44:54.204452524 -0500
@@ -182,7 +182,8 @@
         model1 = model->coeff_dccv[pt];
         model2 = model->coeff_dcct[pt][ctx];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        coeff_idx = 0;
+        for (;;) {
             if (vp56_rac_get_prob(c, model2[0])) {
                 if (vp56_rac_get_prob(c, model2[2])) {
                     if (vp56_rac_get_prob(c, model2[3])) {
@@ -219,8 +220,11 @@
                 ct = 0;
                 s->coeff_ctx[vp56_b6to4[b]][coeff_idx] = 0;
             }
+            coeff_idx++;
+            if (coeff_idx >= 64)
+                break;
 
-            cg = vp5_coeff_groups[++coeff_idx];
+            cg = vp5_coeff_groups[coeff_idx];
             ctx = s->coeff_ctx[vp56_b6to4[b]][coeff_idx];
             model1 = model->coeff_ract[pt][ct][cg];
             model2 = cg > 2 ? model1 : model->coeff_acct[pt][ct][cg][ctx];
Index: ffmpeg-0.6/libavcodec/vp6.c
===================================================================
--- ffmpeg-0.6.orig/libavcodec/vp6.c	2011-12-21 10:43:43.612450314 -0500
+++ ffmpeg-0.6/libavcodec/vp6.c	2011-12-21 10:44:56.680452604 -0500
@@ -366,7 +366,7 @@
         if (b > 3) pt = 1;
         vlc_coeff = &s->dccv_vlc[pt];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        for (coeff_idx = 0;;) {
             int run = 1;
             if (coeff_idx<2 && s->nb_null[coeff_idx][pt]) {
                 s->nb_null[coeff_idx][pt]--;
@@ -403,6 +403,8 @@
                 }
             }
             coeff_idx+=run;
+            if (coeff_idx >= 64)
+                break;
             cg = FFMIN(vp6_coeff_groups[coeff_idx], 3);
             vlc_coeff = &s->ract_vlc[pt][ct][cg];
         }
@@ -430,7 +432,8 @@
         model1 = model->coeff_dccv[pt];
         model2 = model->coeff_dcct[pt][ctx];
 
-        for (coeff_idx=0; coeff_idx<64; ) {
+        coeff_idx = 0;
+        for (;;) {
             if ((coeff_idx>1 && ct==0) || vp56_rac_get_prob(c, model2[0])) {
                 /* parse a coeff */
                 if (vp56_rac_get_prob(c, model2[2])) {
@@ -471,8 +474,10 @@
                             run += vp56_rac_get_prob(c, model3[i+8]) << i;
                 }
             }
-
-            cg = vp6_coeff_groups[coeff_idx+=run];
+            coeff_idx += run;
+            if (coeff_idx >= 64)
+                break;
+            cg = vp6_coeff_groups[coeff_idx];
             model1 = model2 = model->coeff_ract[pt][ct][cg];
         }

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional