hi, forgot the patch. Cheers Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
diff -u mplayer-1.0~rc1/debian/changelog mplayer-1.0~rc1/debian/changelog
--- mplayer-1.0~rc1/debian/changelog
+++ mplayer-1.0~rc1/debian/changelog
@@ -1,3 +1,11 @@
+mplayer (1.0~rc1-16.1) unstable; urgency=high
+
+ * Non-maintainer upload by testing security team.
+ * Check wLongsPerEntry in aviheader.c before using it to prevent
+ possible NULL pointer dereference (CVE-2007-4938) (Closes: #443478).
+
+ -- Nico Golde <[EMAIL PROTECTED]> Tue, 25 Sep 2007 12:39:15 +0200
+
 mplayer (1.0~rc1-16) unstable; urgency=low
 * compile for --mcpu=ev5 on alpha; fixes "Illegal instruction on EV56",
only in patch2:
unchanged:
--- mplayer-1.0~rc1.orig/libmpdemux/aviheader.c
+++ mplayer-1.0~rc1/libmpdemux/aviheader.c
@@ -227,16 +227,18 @@
 print_avisuperindex_chunk(s,MSGL_V);
- if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
- mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
- s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
- }
-
 // Check and fix this useless crap
 if(s->wLongsPerEntry != sizeof (avisuperindex_entry)/4) {
 mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk size: %u\n",s->wLongsPerEntry);
 s->wLongsPerEntry = sizeof(avisuperindex_entry)/4;
 }
+
+
+ if( ((chunksize/4)/s->wLongsPerEntry) < s->nEntriesInUse){
+ mp_msg (MSGT_HEADER, MSGL_WARN, "Broken super index chunk\n");
+ s->nEntriesInUse = (chunksize/4)/s->wLongsPerEntry;
+ }
+
 s->aIndex = calloc(s->nEntriesInUse, sizeof (avisuperindex_entry));
 s->stdidx = calloc(s->nEntriesInUse, sizeof (avistdindex_chunk));
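Review bot: The two `calloc` calls on the last lines of the aviheader.c hunk are sized by `s->nEntriesInUse`, a count read from the file, and no NULL check is visible before the hunk ends. Unless the code that follows (outside the hunk; the enclosing function also starts outside it) tests both pointers, a failed allocation is dereferenced as soon as the index entries are filled in, so I would add `if (!s->aIndex || !s->stdidx)` with the function's existing error path directly after them. The reorder itself only works because `s->wLongsPerEntry` is forced to `sizeof(avisuperindex_entry)/4` before it is used as a divisor, and nothing in the code records that dependency. A comment above the moved block such as `/* keep after the wLongsPerEntry fix-up: the unvalidated file value may be 0 and is the divisor here */` would keep a later cleanup from moving it back. The changelog calls this a NULL pointer dereference, while the failure visibly prevented by these lines is the division by an unvalidated value, so the comment should name that.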