Hi Darren,

* Darren Salt <linux@youmustbejoking.demon.co.uk> [2008-08-23 23:16]:
> I demand that Marc 'HE' Brockschmidt may or may not have written...
>
> > Darren Salt <linux@youmustbejoking.demon.co.uk> writes:
> >> I demand that Marc 'HE' Brockschmidt may or may not have written...
> >>> Darren Salt <linux@youmustbejoking.demon.co.uk> writes:
> >>> [xine fixes]
> >>>> Uploaded and ready for unblocking...
> >>> Unblocked. Will need its 10 days, though.
> >> I'm going to have to do another upload: some patches which I've been
> >> sitting on (waiting for testing & review) have escaped into public view...
>
> > All fine. Have new patches popped up in the meantime?
>
> ... actually, ignore my other message about this, at least wrt the build fix:
> that's specific to 1.1.15.
>
> Anyway. I've uploaded 1.1.14-3 to unstable; it has just the security patches
> which you've already seen, so I'm requesting an unblock...

[...]
--- xine-lib-1.1.14.orig/src/demuxers/demux_mng.c
+++ xine-lib-1.1.14/src/demuxers/demux_mng.c
@@ -116,7 +116,9 @@
 this->bih.biHeight = height;
 this->left_edge = (this->bih.biWidth - width) / 2;
- this->image = malloc(this->bih.biWidth * height * 3);
+ this->image = malloc((mng_size_t)this->bih.biWidth * (mng_size_t)height * 3);

Just changing types from signed to unsigned types is not preventing you
from getting an integer overflow.

Kind regards
Nico
-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
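Review bot: the size expression in the added `malloc((mng_size_t)this->bih.biWidth * (mng_size_t)height * 3)` line is still an unchecked multiplication. The casts only change the type the product is computed in, so a large enough width and height can still wrap it and yield a buffer smaller than the image that is later written into it. Suggest validating the dimensions before allocating, for example rejecting the image when `height != 0` and `biWidth` exceeds the maximum `mng_size_t` value divided by 3 and then by `height`, and failing the demuxer on that path instead of calling `malloc`. The lines shown here also do not check whether `this->image` is NULL after the allocation; if the part of the hunk that is not quoted does not do so, that check belongs here as well.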