author Peter Korsgaard <peter@korsgaard.com> 2017-07-03 17:01:40 +0200
committer Peter Korsgaard <peter@korsgaard.com> 2017-07-03 21:59:41 +0200
commit b9153ed9546ab00eb78c30899a62d3e868a7a778
tree ed828e4b68233fc929b276479acfbb7f8ddf206d /package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch
parent a6b49a7e8cf09e2f01790d39f216d43fa3f3ea4c
vlc: add upstream security patches fixing CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before 2017-06-29, allows out-of-bounds heap memory write due to calling memcpy() with a wrong size, leading to a denial of service (application crash) or possibly code execution.

https://trac.videolan.org/vlc/ticket/18467

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Diffstat (limited to 'package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch')
-rw-r--r-- package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch 33
1 files changed, 33 insertions, 0 deletions
diff --git a/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch b/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch
new file mode 100644
index 0000000000..41a5e25d38
--- /dev/null
+++ b/package/vlc/0013-codec-avcodec-check-avcodec-visible-sizes.patch
@@ -0,0 +1,33 @@
+From 6cc73bcad19da2cd2e95671173f2e0d203a57e9b Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Thu, 29 Jun 2017 09:45:20 +0200
+Subject: [PATCH] codec: avcodec: check avcodec visible sizes
+
+refs #18467
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ modules/codec/avcodec/video.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/modules/codec/avcodec/video.c b/modules/codec/avcodec/video.c
+index 1bcad21..ce52544 100644
+--- a/modules/codec/avcodec/video.c
++++ b/modules/codec/avcodec/video.c
+@@ -137,9 +137,11 @@ static inline picture_t *ffmpeg_NewPictBuf( decoder_t *p_dec,
+ }
+
+
+- if( width == 0 || height == 0 || width > 8192 || height > 8192 )
++ if( width == 0 || height == 0 || width > 8192 || height > 8192 ||
++ width < p_context->width || height < p_context->height )
+ {
+- msg_Err( p_dec, "Invalid frame size %dx%d.", width, height );
++ msg_Err( p_dec, "Invalid frame size %dx%d. vsz %dx%d",
++ width, height, p_context->width, p_context->height );
+ return NULL; /* invalid display size */
+ }
+ p_dec->fmt_out.video.i_width = width;
+--
+2.1.4
+
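Review bot: The added test `width < p_context->width || height < p_context->height` in ffmpeg_NewPictBuf carries no comment, and the patch description is only "refs #18467", so a reader of video.c cannot tell why a picture smaller than the codec context's dimensions has to be rejected. Suggest a one-line comment above the condition stating the invariant (the picture must be at least p_context->width by p_context->height), and a mention of CVE-2017-10699 in the patch header, since only the Buildroot commit message names it. The trailing `/* invalid display size */` comment and the "vsz" label in the new msg_Err string are also unclear now that the branch covers two different failures; spelling out what "vsz" stands for would make the log line usable. The declarations of width and height are not visible in this hunk: if they are unsigned, a negative p_context value is converted to a large unsigned one and the frame is still rejected, but it is worth confirming that the types agree with each other and with the %d specifiers.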