add patch from upstream to fix possible memory allocation problems in the SWF demuxer, fixes SA51464 originally (wrongly) rteported against vlc bump PKGREVdiff -r1.96 -r1.97 pkgsrc/multimedia/ffmpeg/Makefile
(drochner)
@@ -1,17 +1,19 @@ | @@ -1,17 +1,19 @@ | |||
1 | # $NetBSD: Makefile,v 1.96 2012/12/19 11:59:35 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.97 2012/12/19 14:58:33 drochner Exp $ | |
2 | 2 | |||
3 | PKGNAME= ffmpeg-20121209.${DISTVERSION} | 3 | PKGNAME= ffmpeg-20121209.${DISTVERSION} | |
4 | 4 | |||
5 | PKGREVISION= 1 | |||
6 | ||||
5 | MAINTAINER= pkgsrc-users@NetBSD.org | 7 | MAINTAINER= pkgsrc-users@NetBSD.org | |
6 | HOMEPAGE= http://ffmpeg.mplayerhq.hu/ | 8 | HOMEPAGE= http://ffmpeg.mplayerhq.hu/ | |
7 | COMMENT= Decoding, encoding and streaming software | 9 | COMMENT= Decoding, encoding and streaming software | |
8 | 10 | |||
9 | CONFIGURE_ARGS+= --enable-avfilter | 11 | CONFIGURE_ARGS+= --enable-avfilter | |
10 | #CONFIGURE_ARGS+= --enable-avfilter-lavf | 12 | #CONFIGURE_ARGS+= --enable-avfilter-lavf | |
11 | CONFIGURE_ARGS+= --enable-postproc | 13 | CONFIGURE_ARGS+= --enable-postproc | |
12 | 14 | |||
13 | INSTALLATION_DIRS= lib share/examples/ffmpeg share/doc/ffmpeg | 15 | INSTALLATION_DIRS= lib share/examples/ffmpeg share/doc/ffmpeg | |
14 | 16 | |||
15 | CONF_FILES+= ${PREFIX}/share/examples/ffmpeg/ffserver.conf \ | 17 | CONF_FILES+= ${PREFIX}/share/examples/ffmpeg/ffserver.conf \ | |
16 | ${PKG_SYSCONFDIR}/ffserver.conf | 18 | ${PKG_SYSCONFDIR}/ffserver.conf | |
17 | 19 |
@@ -1,9 +1,10 @@ | @@ -1,9 +1,10 @@ | |||
1 | $NetBSD: distinfo,v 1.61 2012/12/16 13:43:10 wiz Exp $ | 1 | $NetBSD: distinfo,v 1.62 2012/12/19 14:58:33 drochner Exp $ | |
2 | 2 | |||
3 | SHA1 (ffmpeg-1.0.1.tar.bz2) = 007465d01dcd4cae973285f89f5c6c500602a3ec | 3 | SHA1 (ffmpeg-1.0.1.tar.bz2) = 007465d01dcd4cae973285f89f5c6c500602a3ec | |
4 | RMD160 (ffmpeg-1.0.1.tar.bz2) = 363ba32002ed79def6d0f160975b751d15818c1e | 4 | RMD160 (ffmpeg-1.0.1.tar.bz2) = 363ba32002ed79def6d0f160975b751d15818c1e | |
5 | Size (ffmpeg-1.0.1.tar.bz2) = 6446587 bytes | 5 | Size (ffmpeg-1.0.1.tar.bz2) = 6446587 bytes | |
6 | SHA1 (patch-SA51464) = ffafc874ef3313c1228d0bba1bae7f327bec7b9c | |||
6 | SHA1 (patch-aa) = 43f68708e26723ec2e523578090d13bc79014066 | 7 | SHA1 (patch-aa) = 43f68708e26723ec2e523578090d13bc79014066 | |
7 | SHA1 (patch-ac) = 1c1c4f086328216f5d0cd9339171efa22065259a | 8 | SHA1 (patch-ac) = 1c1c4f086328216f5d0cd9339171efa22065259a | |
8 | SHA1 (patch-ap) = 0ea32afb145b55f0186fb14b1b07568d7442ddf3 | 9 | SHA1 (patch-ap) = 0ea32afb145b55f0186fb14b1b07568d7442ddf3 | |
9 | SHA1 (patch-configure) = 7b89801bffb8d5e41c1c7f6bb5c69ed0cd1c1de4 | 10 | SHA1 (patch-configure) = 7b89801bffb8d5e41c1c7f6bb5c69ed0cd1c1de4 |
$NetBSD: patch-SA51464,v 1.1 2012/12/19 14:58:33 drochner Exp $
see https://trac.videolan.org/vlc/ticket/7860
--- libavformat/swfdec.c.orig 2012-12-03 21:17:35.000000000 +0000
+++ libavformat/swfdec.c
@@ -153,6 +153,10 @@ static int swf_read_packet(AVFormatConte
tag = get_swf_tag(pb, &len);
if (tag < 0)
return tag;
+ if (len < 0) {
+ av_log(s, AV_LOG_ERROR, "invalid tag length: %d\n", len);
+ return AVERROR_INVALIDDATA;
+ }
if (tag == TAG_VIDEOSTREAM) {
int ch_id = avio_rl16(pb);
len -= 2;
@@ -208,7 +212,10 @@ static int swf_read_packet(AVFormatConte
st = s->streams[i];
if (st->codec->codec_type == AVMEDIA_TYPE_VIDEO && st->id == ch_id) {
frame = avio_rl16(pb);
- if ((res = av_get_packet(pb, pkt, len-2)) < 0)
+ len -= 2;
+ if (len <= 0)
+ goto skip;
+ if ((res = av_get_packet(pb, pkt, len)) < 0)
return res;
pkt->pos = pos;
pkt->pts = frame;
@@ -220,17 +227,22 @@ static int swf_read_packet(AVFormatConte
for (i = 0; i < s->nb_streams; i++) {
st = s->streams[i];
if (st->codec->codec_type == AVMEDIA_TYPE_AUDIO && st->id == -1) {
- if (st->codec->codec_id == AV_CODEC_ID_MP3) {
- avio_skip(pb, 4);
- if ((res = av_get_packet(pb, pkt, len-4)) < 0)
- return res;
- } else { // ADPCM, PCM
- if ((res = av_get_packet(pb, pkt, len)) < 0)
- return res;
- }
- pkt->pos = pos;
- pkt->stream_index = st->index;
- return pkt->size;
+ if (st->codec->codec_id == AV_CODEC_ID_MP3) {
+ avio_skip(pb, 4);
+ len -= 4;
+ if (len <= 0)
+ goto skip;
+ if ((res = av_get_packet(pb, pkt, len)) < 0)
+ return res;
+ } else { // ADPCM, PCM
+ if (len <= 0)
+ goto skip;
+ if ((res = av_get_packet(pb, pkt, len)) < 0)
+ return res;
+ }
+ pkt->pos = pos;
+ pkt->stream_index = st->index;
+ return pkt->size;
}
}
} else if (tag == TAG_JPEG2) {
@@ -250,7 +262,10 @@ static int swf_read_packet(AVFormatConte
st = vst;
}
avio_rl16(pb); /* BITMAP_ID */
- if ((res = av_new_packet(pkt, len-2)) < 0)
+ len -= 2;
+ if (len < 4)
+ goto skip;
+ if ((res = av_new_packet(pkt, len)) < 0)
return res;
avio_read(pb, pkt->data, 4);
if (AV_RB32(pkt->data) == 0xffd8ffd9 ||
@@ -267,6 +282,9 @@ static int swf_read_packet(AVFormatConte
return pkt->size;
}
skip:
+ if(len<0)
+ av_log(s, AV_LOG_WARNING, "Cliping len %d\n", len);
+ len = FFMAX(0, len);
avio_skip(pb, len);
}
}