svn commit: r463910 - in branches/2018Q1/multimedia/libvpx: . files

Jan Beich jbeich at FreeBSD.org
Thu Mar 8 18:34:28 UTC 2018 

Author: jbeich
Date: Thu Mar  8 18:34:26 2018
New Revision: 463910
URL: https://svnweb.freebsd.org/changeset/ports/463910

Log:
  multimedia/libvpx: backport vpx_image fix (direct commit)
  
  Reported by:	Debian
  Obtained from:	upstream (libvpx 1.7.0)
  Approved by:	ports-secteam blanket

Added:
  branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194   (contents, props changed)
Modified:
  branches/2018Q1/multimedia/libvpx/Makefile

Modified: branches/2018Q1/multimedia/libvpx/Makefile
==============================================================================
--- branches/2018Q1/multimedia/libvpx/Makefile	Thu Mar  8 17:21:23 2018	(r463909)
+++ branches/2018Q1/multimedia/libvpx/Makefile	Thu Mar  8 18:34:26 2018	(r463910)
@@ -4,7 +4,7 @@
 PORTNAME=	libvpx
 DISTVERSIONPREFIX=	v
 DISTVERSION=	1.6.1
-PORTREVISION=	4
+PORTREVISION=	5
 CATEGORIES=	multimedia
 
 PATCH_SITES=	https://github.com/${GH_ACCOUNT}/${GH_PROJECT}/commit/

Added: branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2018Q1/multimedia/libvpx/files/patch-CVE-2017-13194	Thu Mar  8 18:34:26 2018	(r463910)
@@ -0,0 +1,43 @@
+https://chromium.googlesource.com/webm/libvpx/+/5a40c8fde11b%5E!/
+https://chromium.googlesource.com/webm/libvpx/+/33c598990bc7%5E!/
+
+--- vpx/src/vpx_image.c.orig	2017-01-12 20:27:27 UTC
++++ vpx/src/vpx_image.c
+@@ -88,11 +88,10 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img,
+     default: ycs = 0; break;
+   }
+ 
+-  /* Calculate storage sizes given the chroma subsampling */
+-  align = (1 << xcs) - 1;
+-  w = (d_w + align) & ~align;
+-  align = (1 << ycs) - 1;
+-  h = (d_h + align) & ~align;
++  /* Calculate storage sizes. If the buffer was allocated externally, the width
++   * and height shouldn't be adjusted. */
++  w = d_w;
++  h = d_h;
+   s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
+   s = (s + stride_align - 1) & ~(stride_align - 1);
+   stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
+@@ -111,9 +110,18 @@ static vpx_image_t *img_alloc_helper(vpx_image_t *img,
+   img->img_data = img_data;
+ 
+   if (!img_data) {
+-    const uint64_t alloc_size = (fmt & VPX_IMG_FMT_PLANAR)
+-                                    ? (uint64_t)h * s * bps / 8
+-                                    : (uint64_t)h * s;
++    uint64_t alloc_size;
++    /* Calculate storage sizes given the chroma subsampling */
++    align = (1 << xcs) - 1;
++    w = (d_w + align) & ~align;
++    align = (1 << ycs) - 1;
++    h = (d_h + align) & ~align;
++
++    s = (fmt & VPX_IMG_FMT_PLANAR) ? w : bps * w / 8;
++    s = (s + stride_align - 1) & ~(stride_align - 1);
++    stride_in_bytes = (fmt & VPX_IMG_FMT_HIGHBITDEPTH) ? s * 2 : s;
++    alloc_size = (fmt & VPX_IMG_FMT_PLANAR) ? (uint64_t)h * s * bps / 8
++                                            : (uint64_t)h * s;
+ 
+     if (alloc_size != (size_t)alloc_size) goto fail;
+

More information about the svn-ports-branches mailing list