From 637a8a9e9bf20fd8e01304bba6617277db026c89 Mon Sep 17 00:00:00 2001
From: Kevin Mihelich
Date: Wed, 9 Mar 2011 01:40:49 -0500
Subject: [PATCH] updated extra/libvpx
---
extra/libvpx/CVE-2010-4203.patch | 69 --------------------------------
extra/libvpx/PKGBUILD | 17 ++++----
2 files changed, 9 insertions(+), 77 deletions(-)
delete mode 100644 extra/libvpx/CVE-2010-4203.patch
diff --git a/extra/libvpx/CVE-2010-4203.patch b/extra/libvpx/CVE-2010-4203.patch
deleted file mode 100644
index 41210bb09..000000000
--- a/extra/libvpx/CVE-2010-4203.patch
+++ /dev/null
@@ -1,69 +0,0 @@ -From: John Koleszar -Date: Thu, 4 Nov 2010 20:59:26 +0000 (-0400) -Subject: fix integer promotion bug in partition size check -X-Git-Url: https://review.webmproject.org/gitweb?p=libvpx.git;a=commitdiff_plain;h=9fb80f7170ec48e23c3c7b477149eeb37081c699;hp=09bcc1f710ea65dc158639479288fb1908ff0c53 - -fix integer promotion bug in partition size check - -The check '(user_data_end - partition < partition_size)' must be -evaluated as a signed comparison, but because partition_size was -unsigned, the LHS was promoted to unsigned, causing an incorrect -result on 32-bit. Instead, check the upper and lower bounds of -the segment separately. - -Change-Id: I6266aba7fd7de084268712a3d2a81424ead7aa06 ---- - -diff --git a/vp8/decoder/decodframe.c b/vp8/decoder/decodframe.c -index 2d81d61..f5e49a1 100644 ---- a/vp8/decoder/decodframe.c -+++ b/vp8/decoder/decodframe.c -@@ -462,7 +462,8 @@ static void setup_token_decoder(VP8D_COMP *pbi, - partition_size = user_data_end - partition; - } - -- if (user_data_end - partition < partition_size) -+ if (partition + partition_size > user_data_end -+ || partition + partition_size < partition) - vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME, - "Truncated packet or corrupt partition " - "%d length", i + 1); -@@ -580,7 +581,8 @@ int vp8_decode_frame(VP8D_COMP *pbi) - (data[0] | (data[1] << 8) | (data[2] << 16)) >> 5; - data += 3; - -- if (data_end - data < first_partition_length_in_bytes) -+ if (data + first_partition_length_in_bytes > data_end -+ || data + first_partition_length_in_bytes < data) - vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME, - "Truncated packet or corrupt partition 0 length"); - vp8_setup_version(pc); -diff --git a/vp8/vp8_dx_iface.c b/vp8/vp8_dx_iface.c -index e7e5356..f0adf5b 100644 ---- a/vp8/vp8_dx_iface.c -+++ b/vp8/vp8_dx_iface.c -@@ -253,8 +253,11 @@ static vpx_codec_err_t vp8_peek_si(const uint8_t *data, - unsigned int data_sz, - vpx_codec_stream_info_t *si) - { -- - vpx_codec_err_t res 
= VPX_CODEC_OK; -+ -+ if(data + data_sz <= data) -+ res = VPX_CODEC_INVALID_PARAM; -+ else - { - /* Parse uncompresssed part of key frame header. - * 3 bytes:- including version, frame type and an offset -@@ -331,7 +334,10 @@ static vpx_codec_err_t vp8_decode(vpx_codec_alg_priv_t *ctx, - - ctx->img_avail = 0; - -- /* Determine the stream parameters */ -+ /* Determine the stream parameters. Note that we rely on peek_si to -+ * validate that we have a buffer that does not wrap around the top -+ * of the heap. -+ */ - if (!ctx->si.h) - res = ctx->base.iface->dec.peek_si(data, data_sz, &ctx->si); - diff --git a/extra/libvpx/PKGBUILD b/extra/libvpx/PKGBUILD index 2b7b2fc23..e5847dcc3 100644 --- a/extra/libvpx/PKGBUILD +++ b/extra/libvpx/PKGBUILD @@ -1,4 +1,4 @@ -# $Id: PKGBUILD 100998 2010-11-27 10:13:02Z ibiru $ +# $Id: PKGBUILD 113425 2011-03-08 16:40:27Z ibiru $ # Maintainer: Ionut Biru # PlugApps: Kevin Mihelich @@ -7,22 +7,19 @@ plugrel=1 pkgname=libvpx -pkgver=0.9.5 -pkgrel=2 +pkgver=0.9.6 +pkgrel=1 pkgdesc="The VP8 Codec SDK" arch=('i686' 'x86_64') url="http://www.webmproject.org/" license=('BSD') depends=('glibc') makedepends=('yasm') -source=(http://webm.googlecode.com/files/${pkgname}-v${pkgver}.tar.bz2 - CVE-2010-4203.patch) -sha1sums=('223965ff16737251afb3377c0800d1f8b5f84379' - '4a6399bbf604ab397f53ad42c087fda588eb4ddf') +source=(http://webm.googlecode.com/files/${pkgname}-v${pkgver}.tar.bz2) +sha1sums=('a3522bd2b73d52381ba767ded1cbf4760e9cc6f8') build() { cd "${srcdir}/${pkgname}-v${pkgver}" - patch -Np1 -i "${srcdir}/CVE-2010-4203.patch" ./configure --enable-vp8 \ --enable-runtime-cpu-detect \ --enable-postproc \ @@ -30,6 +27,10 @@ build() { --disable-install-docs \ --disable-install-srcs make +} + +package() { + cd "${srcdir}/${pkgname}-v${pkgver}" make DIST_DIR="$pkgdir/usr" install install -D -m 0644 LICENSE "$pkgdir/usr/share/licenses/${pkgname}/LICENSE" }
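Review bot: Dropping `CVE-2010-4203.patch` from `source=` and removing the `patch -Np1 -i` step in the `@@ -7,22 +7,19 @@` hunk leaves no record that the 0.9.6 tarball already carries the partition-size bounds checks the deleted patch backported (upstream commit 9fb80f7170ec48e23c3c7b477149eeb37081c699). That is presumably the case, since the release follows the fix, but the commit message only says "updated extra/libvpx". Once confirmed against the unpacked `vp8/decoder/decodframe.c` and `vp8/vp8_dx_iface.c`, a line such as `# CVE-2010-4203 is fixed upstream in 0.9.6; local patch dropped` above `source=` would keep the decision auditable. The tarball is also still fetched over plain `http://` and verified only with `sha1sums`; adding `sha256sums=('<sha256 of libvpx-v0.9.6.tar.bz2>')` would give a stronger integrity check on the download.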