[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Freeze exception for xine-lib 1.1.14-3



Hi Darren,
* Darren Salt <linux@youmustbejoking.demon.co.uk> [2008-08-23 23:16]:
> I demand that Marc 'HE' Brockschmidt may or may not have written...
> 
> > Darren Salt <linux@youmustbejoking.demon.co.uk> writes:
> >> I demand that Marc 'HE' Brockschmidt may or may not have written...
> >>> Darren Salt <linux@youmustbejoking.demon.co.uk> writes:
> >>> [xine fixes]
> >>>> Uploaded and ready for unblocking...
> >>> Unblocked. Will need its 10 days, though.
> >> I'm going to have to do another upload: some patches which I've been
> >> sitting on (waiting for testing & review) have escaped into public view...
> 
> > All fine. Have new patches popped up in the meantime?
> 
> ... actually, ignore my other message about this, at least wrt the build fix:
> that's specific to 1.1.15.
> 
> Anyway. I've uploaded 1.1.14-3 to unstable; it has just the security patches
> which you've already seen, so I'm requesting an unblock...
[...] 
--- xine-lib-1.1.14.orig/src/demuxers/demux_mng.c
+++ xine-lib-1.1.14/src/demuxers/demux_mng.c
@@ -116,7 +116,9 @@
   this->bih.biHeight = height;
   this->left_edge = (this->bih.biWidth - width) / 2;

-  this->image = malloc(this->bih.biWidth * height * 3);
+  this->image = malloc((mng_size_t)this->bih.biWidth * (mng_size_t)height * 3);

Just changing types from signed to unsigned types is not preventing you from
getting an integer overflow.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpapp5dlajAV.pgp
Description: PGP signature


Reply to: