From b9153ed9546ab00eb78c30899a62d3e868a7a778 Mon Sep 17 00:00:00 2001
From: Peter Korsgaard <peter@korsgaard.com>
Date: Mon, 3 Jul 2017 17:01:40 +0200
Subject: vlc: add upstream security patches fixing CVE-2017-10699

avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before
2017-06-29, allows out-of-bounds heap memory write due to calling memcpy()
with a wrong size, leading to a denial of service (application crash) or
possibly code execution.

https://trac.videolan.org/vlc/ticket/18467

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...r-check-visible-size-when-creating-buffer.patch | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch

(limited to 'package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch')

diff --git a/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch b/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch
new file mode 100644
index 0000000000..a16dcf0e97
--- /dev/null
+++ b/package/vlc/0014-decoder-check-visible-size-when-creating-buffer.patch
@@ -0,0 +1,33 @@
+From a38a85db58c569cc592d9380cc07096757ef3d49 Mon Sep 17 00:00:00 2001
+From: Francois Cartegnie <fcvlcdev@free.fr>
+Date: Thu, 29 Jun 2017 11:09:02 +0200
+Subject: [PATCH] decoder: check visible size when creating buffer
+
+early reject invalid visible size
+mishandled by filters.
+
+refs #18467
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/input/decoder.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/input/decoder.c b/src/input/decoder.c
+index 2c0823f..a216165 100644
+--- a/src/input/decoder.c
++++ b/src/input/decoder.c
+@@ -2060,7 +2060,9 @@ static picture_t *vout_new_buffer( decoder_t *p_dec )
+         vout_thread_t *p_vout;
+ 
+         if( !p_dec->fmt_out.video.i_width ||
+-            !p_dec->fmt_out.video.i_height )
++            !p_dec->fmt_out.video.i_height ||
++            p_dec->fmt_out.video.i_width < p_dec->fmt_out.video.i_visible_width ||
++            p_dec->fmt_out.video.i_height < p_dec->fmt_out.video.i_visible_height )
+         {
+             /* Can't create a new vout without display size */
+             return NULL;
+-- 
+2.1.4
+
-- 
cgit v1.2.3