svn commit: r392320 - in branches/2015Q3/multimedia/libav: . files
Mark Felder
feld at FreeBSD.org
Thu Jul 16 20:31:46 UTC 2015
Author: feld
Date: Thu Jul 16 20:31:44 2015
New Revision: 392320
URL: https://svnweb.freebsd.org/changeset/ports/392320
Log:
MFH: r392316
Add patch to resolve divide-by-zero CVE
Security: CVE-2015-5479
Security: a928960a-2bdc-11e5-86ff-14dae9d210b8
Approved by: ports-secteam (with hat)
Added:
branches/2015Q3/multimedia/libav/files/patch-CVE-2015-5479
- copied unchanged from r392316, head/multimedia/libav/files/patch-CVE-2015-5479
Modified:
branches/2015Q3/multimedia/libav/Makefile
Directory Properties:
branches/2015Q3/ (props changed)
Modified: branches/2015Q3/multimedia/libav/Makefile
==============================================================================
--- branches/2015Q3/multimedia/libav/Makefile Thu Jul 16 20:30:21 2015 (r392319)
+++ branches/2015Q3/multimedia/libav/Makefile Thu Jul 16 20:31:44 2015 (r392320)
@@ -2,7 +2,7 @@
PORTNAME= libav
PORTVERSION= 11.3
-PORTREVISION= 1
+PORTREVISION= 3
CATEGORIES= multimedia audio ipv6 net
MASTER_SITES= http://libav.org/releases/
Copied: branches/2015Q3/multimedia/libav/files/patch-CVE-2015-5479 (from r392316, head/multimedia/libav/files/patch-CVE-2015-5479)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/2015Q3/multimedia/libav/files/patch-CVE-2015-5479 Thu Jul 16 20:31:44 2015 (r392320, copy of r392316, head/multimedia/libav/files/patch-CVE-2015-5479)
@@ -0,0 +1,51 @@
+From: Luca Barbato <lu_zero at gentoo.org>
+Date: Fri, 26 Jun 2015 13:57:16 +0000 (+0200)
+Subject: h263: Always check both dimensions
+X-Git-Url: https://git.libav.org/?p=libav.git;a=commitdiff_plain;h=0a49a62f998747cfa564d98d36a459fe70d3299b;hp=6f4cd33efb5a9ec75db1677d5f7846c60337129f
+
+h263: Always check both dimensions
+
+CC: libav-stable at libav.org
+Found-By: ago at gentoo.org
+---
+
+diff --git a/libavcodec/ituh263dec.c b/libavcodec/ituh263dec.c
+index b1da22f..b9189b2 100644
+--- libavcodec/ituh263dec.c.orig
++++ libavcodec/ituh263dec.c
+@@ -30,6 +30,7 @@
+ #include <limits.h>
+
+ #include "libavutil/attributes.h"
++#include "libavutil/imgutils.h"
+ #include "libavutil/internal.h"
+ #include "libavutil/mathematics.h"
+ #include "avcodec.h"
+@@ -868,7 +869,7 @@ end:
+ /* most is hardcoded. should extend to handle all h263 streams */
+ int ff_h263_decode_picture_header(MpegEncContext *s)
+ {
+- int format, width, height, i;
++ int format, width, height, i, ret;
+ uint32_t startcode;
+
+ align_get_bits(&s->gb);
+@@ -919,8 +920,6 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
+ /* H.263v1 */
+ width = ff_h263_format[format][0];
+ height = ff_h263_format[format][1];
+- if (!width)
+- return -1;
+
+ s->pict_type = AV_PICTURE_TYPE_I + get_bits1(&s->gb);
+
+@@ -1073,6 +1072,9 @@ int ff_h263_decode_picture_header(MpegEncContext *s)
+ s->qscale = get_bits(&s->gb, 5);
+ }
+
++ if ((ret = av_image_check_size(s->width, s->height, 0, s)) < 0)
++ return ret;
++
+ s->mb_width = (s->width + 15) / 16;
+ s->mb_height = (s->height + 15) / 16;
+ s->mb_num = s->mb_width * s->mb_height;
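Review bot: The added `av_image_check_size(s->width, s->height, 0, s)` guard validates the context fields only at the end of header parsing (around line 1072), whereas the removed `if (!width) return -1;` rejected a zero table entry right after the H.263v1 lookup near line 920. The statements that copy the locals `width`/`height` into `s->width`/`s->height` are outside the visible hunks, so it is worth confirming that every format path stores them before this point and that nothing in between divides by them or sizes a buffer from them. A short why-comment above the check would help the next maintainer, for example `/* reject zero or overflowing dimensions before the macroblock counts are derived (CVE-2015-5479) */`. The error path now returns `ret` instead of `-1`, so any caller that compares against `-1` rather than `< 0` needs a look. ff_h263_decode_picture_header starts in the second inner hunk and its body continues outside what is shown.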