commit 0d8e7d84d7c91b69bfe17f0e234d5131e9bf210f Author: leigh123linux <leigh123linux(a)googlemail.com&gt; Date: Sat May 27 09:35:15 2017 +0100 Add patch to fix potential heap buffer overflow fix_heap_buffer_overflow.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ vlc.spec | 10 +++++++++- 2 files changed, 51 insertions(+), 1 deletion(-) --- diff --git a/fix_heap_buffer_overflow.patch b/fix_heap_buffer_overflow.patch new file mode 100644 index 0000000..b5b7d24 --- /dev/null +++ b/fix_heap_buffer_overflow.patch @@ -0,0 +1,42 @@ +--- a/modules/demux/subtitle.c ++++ b/modules/demux/subtitle.c +@@ -1690,7 +1690,8 @@ + if( !s ) + return VLC_EGENERIC; + +- psz_orig = malloc( strlen( s ) + 1 ); ++ size_t line_length = strlen( s ); ++ psz_orig = malloc( line_length + 1 ); + if( !psz_orig ) + return VLC_ENOMEM; + psz_text = psz_orig; +@@ -1730,6 +1731,8 @@ + { + case 'S': + shift = isalpha( (unsigned char)psz_text[2] ) ? 6 : 2 ; ++ if ( shift > line_length ) ++ continue; + + if( sscanf( &psz_text[shift], "%d", &h ) ) + { +@@ -1767,6 +1770,8 @@ + + case 'T': + shift = isalpha( (unsigned char)psz_text[2] ) ? 8 : 2 ; ++ if ( shift > line_length ) ++ continue; + + sscanf( &psz_text[shift], "%d", &p_sys->jss.i_time_resolution ); + break; +@@ -1884,8 +1889,8 @@ + if( (*(psz_text + 1 ) ) == '~' || (*(psz_text + 1 ) ) == '{' || + (*(psz_text + 1 ) ) == '\\' ) + psz_text++; +- else if( *(psz_text + 1 ) == '\r' || *(psz_text + 1 ) == '\n' || +- *(psz_text + 1 ) == '\0' ) ++ else if( ( *(psz_text + 1 ) == '\r' || *(psz_text + 1 ) == '\n' ) && ++ *(psz_text + 1 ) != '\0' ) + { + psz_text++; + } + diff --git a/vlc.spec b/vlc.spec index ef15d0a..cd57e59 100644 --- a/vlc.spec +++ b/vlc.spec @@ -33,7 +33,7 @@ Summary: The cross-platform open-source multimedia framework, player and server Name: vlc Version: 3.0.0 -Release: 0.16%{?dist} +Release: 0.17%{?dist} License: GPLv2+ Group: Applications/Multimedia URL: http://www.videolan.org @@ -43,6 +43,10 @@ Source0: http://nightlies.videolan.org/build/source/vlc-%{version}%{?vlc_rc}.tar Patch0: disable_hidpi_scaling.patch Patch1: 0001-Fix-lirc-activation-after-detection.patch Patch2: 0001-Revert-qt-add-Wayland-run-time-detection.patch +# Fix potential heap buffer overflow +# https://git.videolan.org/?p=vlc.git;a=commit;h=611398fc8d32f3fe4331f60b22... +# https://git.videolan.org/?p=vlc.git;a=commit;h=f2b1f9e3538fc30ecc22b90bcb... +Patch3: fix_heap_buffer_overflow.patch BuildRequires: desktop-file-utils BuildRequires: libappstream-glib @@ -243,6 +247,7 @@ VLC media player extras modules. %patch0 -p1 %patch1 -p1 %patch2 -p1 +%patch3 -p1 %{?_with_bootstrap: rm aclocal.m4 m4/lib*.m4 m4/lt*.m4 || : ./bootstrap @@ -520,6 +525,9 @@ fi || : %changelog +* Sat May 27 2017 Leigh Scott <leigh123linux(a)googlemail.com&gt; - 3.0.0-0.17 +- Add patch to fix potential heap buffer overflow + * Tue Jan 31 2017 Nicolas Chauvet <kwizart(a)gmail.com&gt; - 3.0.0-0.16 - Add daala support