Control: tags -1 + patch pending Dear maintainer,
Johannes Brandstätter prepared an NMU for libmpeg3 (versioned as 1.5.4-5.1) and I've uploaded it to DELAYED/2. Please feel free to tell me if I should delay it longer. Regards. -- Sebastian Ramacher
diff -u libmpeg3-1.5.4/debian/changelog libmpeg3-1.5.4/debian/changelog --- libmpeg3-1.5.4/debian/changelog +++ libmpeg3-1.5.4/debian/changelog @@ -1,3 +1,10 @@ +libmpeg3 (1.5.4-5.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix stack overflow in read_toc. (Closes: #729275) + + -- Johannes Brandstätter <jbran...@2ds.eu> Sat, 26 Apr 2014 21:13:35 +0200 + libmpeg3 (1.5.4-5) unstable; urgency=low * Fixed syntax in Makefile for compatibility with new make. Thanks, Daniel only in patch2: unchanged: --- libmpeg3-1.5.4.orig/libmpeg3.c +++ libmpeg3-1.5.4/libmpeg3.c @@ -277,7 +277,7 @@ // Titles while(buffer[position] == TITLE_PATH) { - char string[MPEG3_STRLEN]; + char string[MPEG3_STRLEN+1]; int string_len = 0; mpeg3_title_t *title; FILE *test_fd; @@ -289,7 +289,18 @@ strcpy(string, RENDERFARM_FS_PREFIX); string_len = vfs_len; } - while(buffer[position] != 0) string[string_len++] = buffer[position++]; + while(buffer[position] != 0) + { + if (string_len < MPEG3_STRLEN) + { + string[string_len++] = buffer[position++]; + } + else + { + fprintf(stderr, "read_toc: invalid string len\n"); + return 1; + } + } string[string_len++] = 0; position++;
signature.asc
Description: Digital signature