tags 507165 patch
thanks

Attached is what I believe is a patch for this problem against the version in unstable. I haven't tested this yet, but it looks very straightforward... review appreciated in any event.

I'm rolling this along with the patch for the CVE-2008-5234 into an upcoming NMU.

sean

--
--- old/src/demuxers/demux_qt.c 2008-12-26 20:20:39.000000000 +0100 +++ good/src/demuxers/demux_qt.c 2008-12-26 20:26:32.000000000 +0100 @@ -947,10 +947,18 @@ /* allocate space for each of the properties unions */ trak->stsd_atoms_count = _X_BE_32(&trak_atom[i + 8]); - trak->stsd_atoms = calloc(trak->stsd_atoms_count, sizeof(properties_t)); - if (!trak->stsd_atoms) { - last_error = QT_NO_MEMORY; + /* add sanity check on user-supplied data */ + if(trak->stsd_atoms_count <= 0) { + last_error = QT_NOT_A_VALID_FILE; + trak->stsd_atoms_count = 0; + trak->stsd_atoms = NULL; goto free_trak; + } else { + trak->stsd_atoms = calloc(trak->stsd_atoms_count, sizeof(properties_t)); + if (!trak->stsd_atoms) { + last_error = QT_NO_MEMORY; + goto free_trak; + } } atom_pos = i + 0x10;
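Review bot: the new check `if(trak->stsd_atoms_count <= 0)` only rejects a zero count (plus negative values if the field is signed, which these lines do not show), so any large value read from the file by `_X_BE_32(&trak_atom[i + 8])` still goes unbounded into `calloc(trak->stsd_atoms_count, sizeof(properties_t))`. Since the comment calls this a sanity check on user-supplied data, consider adding an upper bound as well, for example against the number of bytes remaining in the trak atom, before allocating. Two smaller points: the `else` branch is not needed because the first branch ends in `goto free_trak`, so the original `calloc` block could stay at its existing indentation and keep the diff smaller; and `if(` should be `if (` to match `if (!trak->stsd_atoms)` in the same hunk.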