- Fix heap overflow in DMO loader. (CVE-2007-1246)
From xine SVN
Index: Makefile
===================================================================
RCS file: /cvs/ports/multimedia/xine-lib/Makefile,v
retrieving revision 1.10
diff -u -p -r1.10 Makefile
--- Makefile 2 Jan 2007 19:42:59 -0000 1.10
+++ Makefile 13 Apr 2007 16:21:37 -0000
@@ -4,7 +4,7 @@ COMMENT= "multimedia decoding library"
V= 1.1.2
DISTNAME= xine-lib-${V}
-PKGNAME= ${DISTNAME}p4
+PKGNAME= ${DISTNAME}p5
EXTRACT_SUFX= .tar.bz2
CATEGORIES= multimedia
SHARED_LIBS= xine 14.1
Index: patches/patch-src_libw32dll_dmo_DMO_VideoDecoder_c
===================================================================
RCS file: patches/patch-src_libw32dll_dmo_DMO_VideoDecoder_c
diff -N patches/patch-src_libw32dll_dmo_DMO_VideoDecoder_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_libw32dll_dmo_DMO_VideoDecoder_c 13 Apr 2007 16:21:33
-0000
@@ -0,0 +1,11 @@
+$OpenBSD$
+--- src/libw32dll/dmo/DMO_VideoDecoder.c.orig Fri Apr 13 12:18:41 2007
++++ src/libw32dll/dmo/DMO_VideoDecoder.c Fri Apr 13 12:21:08 2007
+@@ -118,6 +118,7 @@ DMO_VideoDecoder * DMO_VideoDecoder_Open(char* dllname
+
+ this->iv.m_bh = (BITMAPINFOHEADER*)malloc(bihs);
+ memcpy(this->iv.m_bh, format, bihs);
++ this->iv.m_bh->biSize = bihs;
+
+ this->iv.m_State = STOP;
+ //this->iv.m_pFrame = 0;
