diff options
| author | Mark H Weaver <mhw@netris.org> | 2015-12-17 12:07:13 -0500 |
|---|---|---|
| committer | Mark H Weaver <mhw@netris.org> | 2015-12-17 14:12:06 -0500 |
| commit | 3faf214a0b58c10e9838fcbf59f139172fe4a871 (patch) | |
| tree | 5530a388f5930964a02bb26ae010abb6140de845 /gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch | |
| parent | cbbe1a1c2c7ca86e348656ae3b7197d53c2527f2 (diff) | |
| download | guix-3faf214a0b58c10e9838fcbf59f139172fe4a871.tar.gz | |
gnu: icecat: Add fixes for several security flaws.
* gnu/packages/patches/icecat-CVE-2015-7201-pt1.patch, gnu/packages/patches/icecat-CVE-2015-7201-pt2.patch, gnu/packages/patches/icecat-CVE-2015-7201-pt3.patch, gnu/packages/patches/icecat-CVE-2015-7205.patch, gnu/packages/patches/icecat-CVE-2015-7210.patch, gnu/packages/patches/icecat-CVE-2015-7212.patch, gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch, gnu/packages/patches/icecat-CVE-2015-7213-pt2.patch, gnu/packages/patches/icecat-CVE-2015-7214.patch, gnu/packages/patches/icecat-CVE-2015-7222-pt1.patch, gnu/packages/patches/icecat-CVE-2015-7222-pt2.patch, gnu/packages/patches/icecat-CVE-2015-7222-pt3.patch: New files. * gnu-system.am (dist_patch_DATA): Add them. * gnu/packages/gnuzilla.scm (icecat)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch')
| -rw-r--r-- | gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch b/gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch new file mode 100644 index 0000000000..854c91b8aa --- /dev/null +++ b/gnu/packages/patches/icecat-CVE-2015-7213-pt1.patch @@ -0,0 +1,32 @@ +From 3f31bf9e243fb3de26e36d6be0bb0153f51c5b2a Mon Sep 17 00:00:00 2001 +From: Jean-Yves Avenard <jyavenard@mozilla.com> +Date: Wed, 9 Dec 2015 09:54:58 +0100 +Subject: [PATCH] Bug 1206211 - P1. Ensure operation can't overflow. + r=kentuckyfriedtakahe, a=sylvestre + +--- + .../frameworks/av/media/libstagefright/MPEG4Extractor.cpp | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp +index 22163fa..318152a 100644 +--- a/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp ++++ b/media/libstagefright/frameworks/av/media/libstagefright/MPEG4Extractor.cpp +@@ -508,10 +508,13 @@ status_t MPEG4Extractor::readMetaData() { + CHECK_NE(err, (status_t)NO_INIT); + + // copy pssh data into file metadata +- int psshsize = 0; ++ uint64_t psshsize = 0; + for (size_t i = 0; i < mPssh.size(); i++) { + psshsize += 20 + mPssh[i].datalen; + } ++ if (psshsize > kMAX_ALLOCATION) { ++ return ERROR_MALFORMED; ++ } + if (psshsize) { + char *buf = (char*)malloc(psshsize); + char *ptr = buf; +-- +2.6.3 + |