Control: tags -1 + patch pending Dear maintainer,
Johannes Brandstätter prepared an NMU for libmpeg3 (versioned as 1.5.4-5.1) and I've uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards. -- Sebastian Ramacher
diff -u libmpeg3-1.5.4/debian/changelog libmpeg3-1.5.4/debian/changelog
--- libmpeg3-1.5.4/debian/changelog
+++ libmpeg3-1.5.4/debian/changelog
@@ -1,3 +1,10 @@
+libmpeg3 (1.5.4-5.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix stack overflow in read_toc. (Closes: #729275)
+
+ -- Johannes Brandstätter <jbran...@2ds.eu> Sat, 26 Apr 2014 21:13:35 +0200
+
libmpeg3 (1.5.4-5) unstable; urgency=low
* Fixed syntax in Makefile for compatibility with new make. Thanks, Daniel
only in patch2:
unchanged:
--- libmpeg3-1.5.4.orig/libmpeg3.c
+++ libmpeg3-1.5.4/libmpeg3.c
@@ -277,7 +277,7 @@
// Titles
while(buffer[position] == TITLE_PATH)
{
- char string[MPEG3_STRLEN];
+ char string[MPEG3_STRLEN+1];
int string_len = 0;
mpeg3_title_t *title;
FILE *test_fd;
@@ -289,7 +289,18 @@
strcpy(string, RENDERFARM_FS_PREFIX);
string_len = vfs_len;
}
- while(buffer[position] != 0) string[string_len++] = buffer[position++];
+ while(buffer[position] != 0)
+ {
+ if (string_len < MPEG3_STRLEN)
+ {
+ string[string_len++] = buffer[position++];
+ }
+ else
+ {
+ fprintf(stderr, "read_toc: invalid string len\n");
+ return 1;
+ }
+ }
string[string_len++] = 0;
position++;
signature.asc
Description: Digital signature
