archlinuxarm/PKGBUILDs
1
0
Fork 0
mirror of https://github.com/archlinuxarm/PKGBUILDs.git synced 2024-11-08 22:45:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added extra/libvpx

Browse source
This commit is contained in:
Kevin Mihelich 2011-01-23 14:01:50 -05:00
parent aa6717500b
commit 6a0ab31d47
2 changed files with 104 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

69
extra/libvpx/CVE-2010-4203.patch Normal file
View file

@ -0,0 +1,69 @@
From: John Koleszar <jkoleszar@google.com>
Date: Thu, 4 Nov 2010 20:59:26 +0000 (-0400)
Subject: fix integer promotion bug in partition size check
X-Git-Url: https://review.webmproject.org/gitweb?p=libvpx.git;a=commitdiff_plain;h=9fb80f7170ec48e23c3c7b477149eeb37081c699;hp=09bcc1f710ea65dc158639479288fb1908ff0c53
fix integer promotion bug in partition size check
The check '(user_data_end - partition < partition_size)' must be
evaluated as a signed comparison, but because partition_size was
unsigned, the LHS was promoted to unsigned, causing an incorrect
result on 32-bit. Instead, check the upper and lower bounds of
the segment separately.
Change-Id: I6266aba7fd7de084268712a3d2a81424ead7aa06
---
diff --git a/vp8/decoder/decodframe.c b/vp8/decoder/decodframe.c
index 2d81d61..f5e49a1 100644
--- a/vp8/decoder/decodframe.c
+++ b/vp8/decoder/decodframe.c
@@ -462,7 +462,8 @@ static void setup_token_decoder(VP8D_COMP *pbi,
partition_size = user_data_end - partition;
}
- if (user_data_end - partition < partition_size)
+ if (partition + partition_size > user_data_end
+ || partition + partition_size < partition)
vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
"Truncated packet or corrupt partition "
"%d length", i + 1);
@@ -580,7 +581,8 @@ int vp8_decode_frame(VP8D_COMP *pbi)
(data[0] | (data[1] << 8) | (data[2] << 16)) >> 5;
data += 3;
- if (data_end - data < first_partition_length_in_bytes)
+ if (data + first_partition_length_in_bytes > data_end
+ || data + first_partition_length_in_bytes < data)
vpx_internal_error(&pc->error, VPX_CODEC_CORRUPT_FRAME,
"Truncated packet or corrupt partition 0 length");
vp8_setup_version(pc);
diff --git a/vp8/vp8_dx_iface.c b/vp8/vp8_dx_iface.c
index e7e5356..f0adf5b 100644
--- a/vp8/vp8_dx_iface.c
+++ b/vp8/vp8_dx_iface.c
@@ -253,8 +253,11 @@ static vpx_codec_err_t vp8_peek_si(const uint8_t *data,
unsigned int data_sz,
vpx_codec_stream_info_t *si)
{
-
vpx_codec_err_t res = VPX_CODEC_OK;
+
+ if(data + data_sz <= data)
+ res = VPX_CODEC_INVALID_PARAM;
+ else
{
/* Parse uncompresssed part of key frame header.
* 3 bytes:- including version, frame type and an offset
@@ -331,7 +334,10 @@ static vpx_codec_err_t vp8_decode(vpx_codec_alg_priv_t *ctx,
ctx->img_avail = 0;
- /* Determine the stream parameters */
+ /* Determine the stream parameters. Note that we rely on peek_si to
+ * validate that we have a buffer that does not wrap around the top
+ * of the heap.
+ */
if (!ctx->si.h)
res = ctx->base.iface->dec.peek_si(data, data_sz, &ctx->si);

35
extra/libvpx/PKGBUILD Normal file
View file

@ -0,0 +1,35 @@
# $Id: PKGBUILD 100998 2010-11-27 10:13:02Z ibiru $
# Maintainer: Ionut Biru <ibiru@archlinux.org>
# PlugApps: Kevin Mihelich <kevin@plugapps.com>
# - configure option --enable-shared isn't supported for us
plugrel=1
pkgname=libvpx
pkgver=0.9.5
pkgrel=2
pkgdesc="The VP8 Codec SDK"
arch=('i686' 'x86_64')
url="http://www.webmproject.org/"
license=('BSD')
depends=('glibc')
makedepends=('yasm')
source=(http://webm.googlecode.com/files/${pkgname}-v${pkgver}.tar.bz2
CVE-2010-4203.patch)
sha1sums=('223965ff16737251afb3377c0800d1f8b5f84379'
'4a6399bbf604ab397f53ad42c087fda588eb4ddf')
build() {
cd "${srcdir}/${pkgname}-v${pkgver}"
patch -Np1 -i "${srcdir}/CVE-2010-4203.patch"
./configure --enable-vp8 \
--enable-runtime-cpu-detect \
--enable-postproc \
--enable-pic \
--disable-install-docs \
--disable-install-srcs
make
make DIST_DIR="$pkgdir/usr" install
install -D -m 0644 LICENSE "$pkgdir/usr/share/licenses/${pkgname}/LICENSE"
}